How to handle IBM APAR OA45793 changes with CA ACF2 running on z/OS 2.1 and above?

Article ID: 13305

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

We are pursuing the implementation of PTFs for IBM APAR OA45793 with z/OS 2.2. According to the PTF HOLDDATA, UNIX files that have the sticky bit set and have either set-uid or set-gid attributes, and whose program is found in the MVS search order, will require a FACILITY class security profile (BPX.STICKYSUG.pgmname) for the program to execute successfully. Without the profile, the process abends with SEC6 RSNE055.

How to handle IBM APAR OA45793 changes with CA ACF2 release 15 and 16 running on z/OS 2.1 and above? 

Environment

CA ACF2 Release 15 and 16

Resolution

By design, ACF2 denies access to any resource for which there is no rule. Because this check is a "trigger" and not a real validation, a SAFDEF record is the way to handle this situation.

Insert the following SAFDEF record (entered as a single command):

INSERT SAFDEF.STICKY ID(STICKY) MODE(IGNORE) RACROUTE(REQUEST=AUTH,CLASS=FACILITY,ENTITYX=BPX.STICKYSUG.-)

If you intend to test with one program, put its name in the ENTITYX value in place of the - after STICKYSUG.

Make sure to issue the REFRESH for SAFDEF after the insert is done by using the command:

F ACF2,REFRESH(SAFDEF)
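
To see which programs the BPX.STICKYSUG check can apply to before choosing between the masked ENTITYX and a single program name, the z/OS UNIX file system can be inventoried for files that carry the sticky bit together with set-uid or set-gid. The script below is an added example, not part of the original article or of any IBM or CA tooling; the function name is hypothetical, and it assumes that pgmname is the file's base name folded to uppercase. It cannot tell whether the program is actually found in the MVS search order, which still has to be confirmed separately.

```shell
#!/bin/sh
# Added example: list files that have the sticky bit AND set-uid or set-gid,
# and print the FACILITY resource name each one would be checked under.
# Assumption: pgmname is the file's base name in uppercase.

sticky_sug_candidates() {
    root=${1:-/}
    # -perm -1000 = sticky bit, -perm -4000 = set-uid, -perm -2000 = set-gid
    find "$root" -type f -perm -1000 \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        pgm=$(basename "$path" | tr '[:lower:]' '[:upper:]')
        printf 'BPX.STICKYSUG.%s %s\n' "$pgm" "$path"
    done | LC_ALL=C sort
}

# Run only when a directory is given on the command line,
# for example: sh sticky_sug.sh /usr/lpp
if [ "$#" -gt 0 ]; then
    sticky_sug_candidates "$1"
fi
```

Each output line pairs a resource name with the path that produced it, so the list can be compared against the programs that abend without the SAFDEF record.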

Additional Information

 

IBM Knowledge Center Links:

APAR OA45793 changes

Setting up the UNIX-related FACILITY and SURROGAT class profiles (review section on BPX.STICKYSUG.program_name)