*************************************************
* 3 - Keyring and Certificate Security ACF2.txt *
*************************************************
* ACF2 Examples
*
** Keyring Access ACF2 Example **
* Resource rule for Ring-specific profile checking
ACF
SET RESOURCE(RDA)
RECKEY <ringOwner> ADD( <ringName>.LST USER(FTPD) SERVICE(READ) ALLOW)

** Resource rule for Global profile checking **
* Allow access to a keyring owned by FTPD
ACF
SET RESOURCE(FAC)
RECKEY IRR ADD( DIGTCERT.LISTRING USER(FTPD) SERVICE(READ) ALLOW)
* Allow access to a Keyring owned by another user’s userid 
ACF
SET RESOURCE(FAC)
RECKEY IRR ADD( DIGTCERT.LISTRING USER(FTPD) SERVICE(UPDATE) ALLOW)

** Certificate Private Key Access ACF2 Example **
* Sample ACF2 GENCERT, FTPD is the owner:
GENCERT FTPD.CERT SUBJ(CN='FTPd Server Certificate')
* Resource rule for Private Key of a Personal certificate not owned by FTPD:
ACF
SET RESOURCE(RDA)
RECKEY <ringOwner> ADD( <ringName>.LST USER(FTPD) SERVICE(UPDATE) ALLOW)
* Resource rule for Private Key of a SITECERT certificate:
ACF
SET RESOURCE(FAC)
RECKEY IRR ADD(DIGTCERT.GENCERT USER(FTPD) SERVICE(DELETE) ALLOW)