ACF2 resource rule with a SERVICE keyword keeps getting a violation.

book

Article ID: 130256

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction



ACF2 keeps giving a violation on a resource rule written with a SERVICE keyword.
 
$KEY(OMEG) TYPE(CKC) 
UID(*) SERVICE(READ) ALLOW 

ACFAE900 LID=AUSER TERM=ABCD RESOURCE=TRANS NAME=OMEG 
ACFAE913 ACF2 security violation: Source=ZXCVBN Access=V 

Environment

Release:
Component: ACF2MS

Resolution

If the resource call coded by the program does not pass the a requested SERVICE to ACF2, then using SERVICE is not allowed.  The ACFRPTRV report will show if a SERVICE is passed under the column SERV in the report.
REQUESTED RESOURCE                              REC   LOOKUP KEY
UID                      SOURCE   CPU  MODULE   DISP  DSP-MOD   KEY-MOD  SERV
       DATE     TIME     JNAME    LID      NAME                 PRE RMC INT PST FIN

RCKC-OMEG                                       LOG  RCKC-OMEG                
COMDIV       AUSER       ZXCVBN   CPU1         RULE                          
yy.ddd mm/dd    hh.mm    THISJOB  AUSER   JOHN DOE                0   0  20   0  16


The rule needs to be changed since no SERVICE was passed.

$KEY(OMEG) TYPE(CKC) 
UID(*)  ALLOW