ACF2 resource rule with a SERVICE keyword keeps getting a violation.

search cancel

ACF2 resource rule with a SERVICE keyword keeps getting a violation.

book

Article ID: 130256

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

ACF2 keeps giving a violation on a resource rule written with a SERVICE keyword.

$KEY(OMEG) TYPE(CKC)
UID(*) SERVICE(READ) ALLOW

ACFAE900 LID=AUSER TERM=ABCD RESOURCE=TRANS NAME=OMEG
ACFAE913 ACF2 security violation: Source=ZXCVBN Access=V

Environment

Release:
Component: ACF2MS

Resolution

If the resource call coded by the program does not pass the a requested SERVICE to ACF2, then using SERVICE is not allowed. The ACFRPTRV report will show if a SERVICE is passed under the column SERV in the report.

REQUESTED RESOURCE                              REC   LOOKUP KEY
UID                      SOURCE   CPU  MODULE   DISP  DSP-MOD   KEY-MOD  SERV
       DATE     TIME     JNAME    LID      NAME                 PRE RMC INT PST FIN

RCKC-OMEG                                       LOG  RCKC-OMEG                
COMDIV       AUSER       ZXCVBN   CPU1         RULE                          
yy.ddd mm/dd    hh.mm    THISJOB  AUSER   JOHN DOE                0   0  20   0  16

The rule needs to be changed since no SERVICE was passed.

$KEY(OMEG) TYPE(CKC)
UID(*) ALLOW

Feedback

thumb_up Yes

thumb_down No