NON-CNCL privilege User IDs showing ACF2 dataset access violation message
Article ID: 129720
ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC
User IDs with the NON-CNCL privilege show an ACF2 violation message in syslog and ACFRPTDS, but the SEC-VIO count in the logon ID does not appear to increase. Why do IDs with the NON-CNCL privilege produce an ACF2 dataset access violation error message? The ACF2 test command shows access is allowed.
SYSLOG Messages:
ACF99913 ACF2 VIOLATION-04,02,STCLID,RMLS19,CORP.CICS.CPWR.CHKPT,N/A 'IF ACCESS TO THIS RESOURCE IS REQUIRED, CONTACT THE ACF2 ADMINISTRATOR,
TSO, ACF, List of the logonid:
list STCLID
STCLID CH40151000SJSTCLID DEFAULT LID B.L.D.C.
DEPT(1000) ENTRPRZ(CH) FUNCRESP(S) JOBRESP(J) LOCATION(PD) REAL-LOC(4015)
PRIVILEGES NON-CNCL STC
STATISTICS CRE-TOD(00/00/00-00:00) SEC-VIO(471)
Release: Component: ACF2MS
With NOVSAMFAIL set in the Ruleopts record of the GSO, ACF2 issues a violation message but does not fail the actual validation; instead, it takes the existing WARN message in the GSO and displays it.
If the validation should be allowed, update the rules to allow it. When all rules are corrected, change the Ruleopts record from NOVSAMFAIL to VSAMFAIL by issuing the following command to start enforcing the previously allowed VSAM OPEN requests.
A NON-CNCL userid will only report logging on a possible violation, and you will not see an ACF99913. The NON-CNCL userid will now behave as expected.
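
Added example (not from the original article or from the vendor): while NOVSAMFAIL is still in effect, the ACF99913 messages in SYSLOG can be tallied per logon ID and data set to build the list of rules to review before switching to VSAMFAIL. The field positions are assumed from the single sample message above, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Field layout is an assumption taken from the page's one sample message:
#   ACF99913 ACF2 VIOLATION-<f1>,<f2>,<logonid>,<f4>,<dataset>,...
# f1, f2 and f4 are captured positionally but not interpreted here.
ACF99913 = re.compile(
    r"ACF99913 ACF2 VIOLATION-([^,]*),([^,]*),([^,\s]+),([^,]*),([^,\s]+)"
)

# Constructed SYSLOG extract. Only the first message body mirrors the page;
# timestamps, BATCHLID, WRK001 and the other data set names are made up.
SAMPLE_SYSLOG = """\
10:15:02 ACF99913 ACF2 VIOLATION-04,02,STCLID,RMLS19,CORP.CICS.CPWR.CHKPT,N/A
10:15:09 IEF403I SOMEJOB - STARTED
10:16:40 ACF99913 ACF2 VIOLATION-04,02,STCLID,RMLS19,CORP.CICS.CPWR.CHKPT,N/A
10:17:11 ACF99913 ACF2 VIOLATION-04,02,STCLID,RMLS19,CORP.CICS.CPWR.JRNL,N/A
10:20:30 ACF99913 ACF2 VIOLATION-04,02,BATCHLID,WRK001,CORP.TEST.VSAM.KSDS,N/A
"""


def violation_worklist(syslog_text):
    """Count ACF99913 messages per (logonid, dataset) pair."""
    counts = Counter()
    for line in syslog_text.splitlines():
        match = ACF99913.search(line)
        if match:
            counts[(match.group(3), match.group(5))] += 1
    return counts


def report(counts):
    """Return report rows, most frequent pair first, ties sorted by name."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{lid:<8} {dsn:<44} {n}" for (lid, dsn), n in ordered]


if __name__ == "__main__":
    # Each row is one logonid/data set pair whose rule should be reviewed
    # before the Ruleopts record is changed to VSAMFAIL.
    for row in report(violation_worklist(SAMPLE_SYSLOG)):
        print(row)
```

Pairs that keep appearing after the rules have been updated are the ones that would start failing once VSAMFAIL is in effect.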