TPX interface for ACF2 does not use SAF calls rather it uses an SVC call.
Hence a standard SAF resource rule will not work to verify access to the TPX application.
Access to TPX can be restricted in an ACF2 environment by resource rule of type (APL).
Sample resource rule :
Since the TPX calls are non-SAF this will not work. ACF2 handles non-SAF calls differently.
ACF2 C(GSO) OPTS field, controls APPL validations for 'non-SAF' requests using parm XAPPLVLD.
XAPPLVLD | NOXAPPLVLD
Specifies whether CA ACF2 will assign an APPL if no APPL is passed by the caller.
On a SAF VERIFY/VERIFYX request, CA ACF2 will assign an APPL or 'MVS' followed by
the 4-character SMFID of the system. On a NON-SAF signon request, if no APPL is
passed by the caller, CA ACF2 will assign an APPL of 'TSO' followed by the
4-character SMFID of the system for TSO signon or 'MVS' followed by the
4-character SMFID of the system for any other signon.
Using XAPPLVLD will require an update to SAMT(table) for ACF2 in TPX, for Return code ACF01046 - NOT AUTHORIZED TO APPL TPX.
Add an entry #0001046 to the SAMT table and RELOAD to activate new table.