DATASET access is not checking for rules
search cancel

DATASET access is not checking for rules

book

Article ID: 115869

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction



On the production system, a user is getting a violation for a dataset, ACF99913, but on the test LPAR they do not even though the rules are the same.

Environment

Release:
Component: ACF2MS

Resolution

In ACF2, if the PREFIX of the logonid matches the high-level qualifier, then that users OWNS that high-level and rules are not checked.  For that reason, you should not give out a logonid with PREFIX(********) as that user would then own every dataset on the system.

Additional Information

To troubleshoot why a user gets unexpected access to datasets or resources, add TRACE to the users logonid, and have them logoff and back on, and then recreate the situation.  SMF records will be cut for every dataset or resource that user attempts to access while TRACE is on.  Run the ACFRPTDS or ACFRPTRV to get this information.
 
CHANGE logonid TRACE
Powered by Wolken Software