A TSSUTIL violation report reveals two violations, which always occur at midnight, presumably because of the z/OS or CICS time change messages.
CA TOP SECRET VERSION 15.0 SECURITY ACTIVITY/INCIDENTS REPORT # 01 10/18/16 10:14:20 PAGE 00001
DATE TIME SYSID ACCESSOR JOBNAME FACILITY MODE VC PROGRAM R-ACCESS A-ACCESS SRC/DRC SEC JOBID TERMINAL
-------- -------- ----- -------- -------- -------- ---- -- -------- -------- -------- ------- --- ------- --------
10/17/16 00:00:00 ssss aaaaaa *MASTER* BATCH FAIL 01 IEFENFWT *1C*-06 INI
RESOURCE TYPE & NAME : NAME=name
10/18/16 00:00:00 ssss aaaaaa *MASTER* BATCH FAIL 01 IEFENFWT *1C*-06 INI
RESOURCE TYPE & NAME : NAME=name
I would have expected the default facility STC to be assigned rather than BATCH when issued for JOBNAME(*MASTER*). Program IEFENFWT is apparently IBM's ENF. 'aaaaaa' is the default ACID for the STC table. It is also explicitly assigned to several tasks.
This is not a resource access violation by the STC (started task) itself. The message TSS7100E and the indicator 'INI' in the TSSUTIL entry indicate some type of logon request was initiated within the master address space, probably by the ENF wait program IEFENFWT. Since this is not a logon request as part of an STC initialization, but rather as code running in an active address space, it is using the BATCH facility as the alternative.