Observed a violation and the following in ACFRPTOM after we upgraded to z/OS 2.3:
CA Mainframe Security - z/OS USS Event Log - PAGE 1 DATE xx/xx/xx (1x.1x4) TIME 16.52
SERVICE USERID GROUP UID GID SAF RC RSN
DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
ck_priv xxxxxxxx yyyyyyyy 164671 1010 8 8 4
xx/xx/xx 1x.1x4 xx.51.41 xxxxxxx sys1 sys1
Failed - User not privileged
Function: unmount_setuid
The userid in question has access to R(UNI) $KEY(SUPERUSER) "FILESYS.-" with SERVICE(READ) ALLOW
As per IBM documentation this is what should be required (as it was working fine with z/OS 2.2):
SUPERUSER.FILESYS.MOUNT on the UNIXPRIV class.