Beginning with version 2 of the MLDAP ESM Module (available in Enterprise Server 2.3 and some hotfixes for Enterprise Server 2.2 Update 2), you can also define resource-rule names based on the name of the user who is requesting access. This lets you create generic rules that apply to resources that include the user's name in the resource name. Typically this is used for rules in the DATASET and JESSPOOL classes, to give users access to resources that include their name as a qualifier.
When determining rule precedence, rules with username substitution rank as high as if the user's name appeared literally in the rule. A rule like USER.${user}.** will take precedence over one named USER.*.** when the user's name appears as the second qualifier in the dataset name.
[Operation]
Version 1 authentication=no
Rule substitutions=yes
The Version 1 authentication line is not needed (but allowed) in Enterprise Server 2.3 and later.
LDIF syntax for a pair of rules that gives each user access to their own datasets under USER.**, while denying other users access to them:
dn: CN=USER.${user}.**,CN=DATASET,CN=Enterprise Server Resources,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: microfocus-MFDS-Resource
microfocus-MFDS-Resource-Class: DATASET
microfocus-MFDS-Resource-ACE: allow:*:alter
microfocus-MFDS-UID: USER.${user}.**
description: Allow full access to user's own area

dn: CN=USER.**,CN=DATASET,CN=Enterprise Server Resources,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: microfocus-MFDS-Resource
microfocus-MFDS-Resource-Class: DATASET
microfocus-MFDS-Resource-ACE: allow:*:none
microfocus-MFDS-UID: USER.**
description: Users don't have access to each other's areas
 
LDIF syntax for a rule that gives each user control over their own spool output:
dn: CN=*.${user}.**,CN=JESSPOOL,CN=Enterprise Server Resources,CN=Micro Focus,CN=Program Data,DC=X
changetype: add
objectClass: microfocus-MFDS-Resource
microfocus-MFDS-Resource-Class: JESSPOOL
microfocus-MFDS-Resource-ACE: allow:*:control
microfocus-MFDS-UID: *.${user}.**
description: Give each user control over their own spool output
 
In the JESSPOOL class, resources have the format localnodeid.userid.jobname.jobid.dsnumber.name. This rule matches when the requesting user's name appears as the userid qualifier, and gives that user control authority.
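
The following added example (not Micro Focus code, and not part of the original page) is a small offline checker for reasoning about which of the DATASET and JESSPOOL rules above would apply to a given user and resource before the LDIF is imported. It assumes that `*` matches within one qualifier, that `**` spans qualifiers, and that the rule with more literal characters ranks higher; the function names, user names and resource names are constructed for illustration.

```python
import re

# Constructed rule sets mirroring the LDIF above: (rule name, access granted).
DATASET_RULES = [("USER.${user}.**", "alter"), ("USER.**", "none")]
JESSPOOL_RULES = [("*.${user}.**", "control")]

def expand(rule, user):
    """Replace ${user} with the requester's name, as if it were written literally."""
    if not user or "." in user or "*" in user:
        # Checker-side guard: such a name would alter the expanded rule's qualifiers.
        raise ValueError("unsupported user name: %r" % user)
    return rule.replace("${user}", user)

def to_regex(pattern):
    """Assumed wildcards: '*' stays inside one qualifier, '**' spans qualifiers."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^.]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts) + r"\Z")

def specificity(expanded):
    """Assumed ranking: more literal characters means a more specific rule."""
    return len(expanded.replace("*", ""))

def effective_access(user, resource, rules):
    """Return (rule name, access) of the most specific matching rule, or (None, None)."""
    best = (-1, None, None)
    for name, access in rules:
        expanded = expand(name, user)
        if to_regex(expanded).match(resource):
            best = max(best, (specificity(expanded), name, access))
    return best[1], best[2]

if __name__ == "__main__":
    for user, res in [("ALICE", "USER.ALICE.PAYROLL.DATA"), ("ALICE", "USER.BOB.PAYROLL.DATA")]:
        print(user, res, effective_access(user, res, DATASET_RULES))
```

A result of (None, None) means no rule in the set matched; what the security manager does in that case is not covered here.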