ACF2 resource rule with a SERVICE keyword keeps getting a violation.
search cancel

ACF2 resource rule with a SERVICE keyword keeps getting a violation.

book

Article ID: 130256

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction



ACF2 keeps giving a violation on a resource rule written with a SERVICE keyword.
 
$KEY(OMEG) TYPE(CKC) 
UID(*) SERVICE(READ) ALLOW 

ACFAE900 LID=USER1 TERM=ABCD RESOURCE=TRANS NAME=xxxx 
ACFAE913 ACF2 security violation: Source=yyyyyy Access=V 

Environment

Release:
Component: ACF2MS

Resolution

If the resource call coded by the program does not pass the a requested SERVICE to ACF2, then using SERVICE is not allowed.  The ACFRPTRV report will show if a SERVICE is passed under the column SERV in the report.



REQUESTED RESOURCE                              REC   LOOKUP KEY
UID                      SOURCE   CPU  MODULE   DISP  DSP-MOD   KEY-MOD  SERV
       DATE     TIME     JNAME    LID      NAME                 PRE RMC INT PST FIN

RCKC-xxxx                                       LOG  RCKC-OMEG
uid       yyyyyy  SYS1    RULE        
yy.ddd mm/dd hh.mm    THISJOB  USER1   name                0   0  20   0  16



The rule needs to be changed since no SERVICE was passed.

$KEY(xxxx) TYPE(CKC) 
UID(*)  ALLOW