How to grant required users access to file resources when native file ownership and local file permission settings do not allow it.

Article ID: 10959

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)

Issue/Introduction

There are file resources protected by the OS native permissions, but you need to grant regular users access to them. You can write selang rules in PIM that grant this access through the sesudo utility, using the SUDO and PROGRAM classes.

Environment

PIM 12.8x on UNIX

Resolution

Example:

The user below is tester1, who is Admin, Auditor and Server, but is blocked from accessing the seos.audit file that was copied to /tmp/calogs/seos.audit.

Without rules in place, you would see this denial from the OS:

-sh-4.2$ /opt/CA/AccessControl/bin/seaudit -a -fn /tmp/calogs/seos.audit
CA ControlMinder seaudit  v12.81.0.2919 - Audit log lister
Copyright (c) 2013 CA. All rights reserved.

Cannot access /tmp/calogs/seos.audit

File permissions on /tmp/calogs/seos.audit are:

-rw-------.  1 root root 15305 Jan 30 17:13 seos.audit

Use the following selang rules to grant tester1 access through the sesudo utility (the PROGRAM rules authorize the user to run sesudo itself; the SUDO rules define the seaudit command record and authorize the user to run it):

# /opt/CA/AccessControl/bin/selang
AC> er program /opt/CA/AccessControl/bin/sesudo defacc(x) audit(all)
AC> auth program /opt/CA/AccessControl/bin/sesudo uid(tester1)
AC> er SUDO seaudit comment('/opt/CA/AccessControl/bin/seaudit;;') owner(nobody) audit(all) defacc(n)
AC> auth SUDO seaudit uid(tester1)

With the rules in place, running the following command as tester1 gives access to seos.audit, and the sesudo invocation is itself recorded in the audit log (audit(all)):

-sh-4.2$ /opt/CA/AccessControl/bin/sesudo seaudit -a -fn /tmp/calogs/seos.audit
CA ControlMinder seaudit  v12.81.0.2919 - Audit log lister
Copyright (c) 2013 CA. All rights reserved.
30 Jan 2018 08:01:01 O LOGOUT       root                  49  2 _CRONJOB_
.
.
.
Total records displayed 183
Command 'seaudit', (/opt/CA/AccessControl/bin/seaudit),  performed by tester1.
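The following POSIX shell script is an added example and is not part of the CA article or the product. It packages the four selang rules above into a function that takes the user, the SUDO record name and the program path as parameters, and adds a check the article does not perform: before a program is granted through sesudo it must be a regular file owned by root that is neither group- nor world-writable, because sesudo runs it with elevated rights and anyone able to modify the file would inherit them. The sesudo path is the one the article uses; the function names, the ownership check and the interpretation of the ';;' in comment() as empty parameter fields are this example's assumptions, not CA documentation.

```shell
#!/bin/sh
# Added example, not part of the CA article: wrap the article's four selang
# rules in a function and sanity-check the target program before it is
# granted through sesudo. Function names and the check are this example's own.

SESUDO=/opt/CA/AccessControl/bin/sesudo   # path used in the article

# Print the selang rules that let user $1 run program $3 through the SUDO
# record named $2. The ';;' after the program path is copied from the
# article's rule; this example assumes it leaves the parameter fields empty.
build_sesudo_rules() {
    user=$1
    name=$2
    prog=$3
    printf 'er program %s defacc(x) audit(all)\n' "$SESUDO"
    printf 'auth program %s uid(%s)\n' "$SESUDO" "$user"
    printf "er SUDO %s comment('%s;;') owner(nobody) audit(all) defacc(n)\n" "$name" "$prog"
    printf 'auth SUDO %s uid(%s)\n' "$name" "$user"
}

# Return 0 only if $1 is a regular file owned by $2 (default root) that is
# neither group- nor world-writable. sesudo runs the program with elevated
# rights, so anyone able to modify the file would inherit those rights.
check_target_program() {
    prog=$1
    owner=${2:-root}
    find -L "$prog" -prune -type f -user "$owner" ! -perm -020 ! -perm -002 -print 2>/dev/null | grep -q .
}

# Check the program, then emit the rules for review. Redirect the output to a
# file, review it, and enter the rules at the selang AC> prompt as the
# article does (or load the file with the file option documented in the
# selang reference, if your version provides one).
main() {
    [ $# -eq 3 ] || { echo "usage: $0 user sudo_name program" >&2; return 2; }
    if ! check_target_program "$3"; then
        echo "refusing: $3 is not a root-owned, non-writable regular file" >&2
        return 1
    fi
    build_sesudo_rules "$1" "$2" "$3"
}

# Article's case: ./grant_via_sesudo.sh tester1 seaudit /opt/CA/AccessControl/bin/seaudit
if [ $# -eq 3 ]; then
    main "$@"
fi
```

Run with the three arguments from the article to reproduce its rule set exactly; the ownership check is deliberately strict, so a program that fails it should be fixed (ownership and mode) before any SUDO record is created for it rather than bypassed.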

Additional Information

Link to the sesudo utility documentation for reference:

https://docops.ca.com/ca-privileged-identity-manager/12-9/EN/reference/reference-guide/sesudo-utility