TPX interface for ACF2 does not use SAF calls rather it uses an SVC call.
Hence a standard SAF resource rule will not work to verify access to the TPX application.
TPX 5.4
ACF2 16.0
z/OS
Access to TPX can be restricted in an ACF2 environment by resource rule of type (APL).
Sample resource rule :
$KEY(TPX) TYPE(APL)
UID(USR01) PREVENT
UID(*) ALLOW
Since the TPX calls are non-SAF this will not work. ACF2 handles non-SAF calls differently.
ACF2 C(GSO) OPTS field, controls APPL validations for 'non-SAF' requests using parm XAPPLVLD.
XAPPLVLD | NOXAPPLVLD
Specifies whether CA ACF2 will assign an APPL if no APPL is passed by the caller.
On a SAF VERIFY/VERIFYX request, CA ACF2 will assign an APPL or 'MVS' followed by
the 4-character SMFID of the system. On a NON-SAF signon request, if no APPL is
passed by the caller, CA ACF2 will assign an APPL of 'TSO' followed by the
4-character SMFID of the system for TSO signon or 'MVS' followed by the
4-character SMFID of the system for any other signon.
Default:
NOXAPPLVLD
Using XAPPLVLD will require an update to SAMT(table) for ACF2 in TPX, for Return code ACF01046 - NOT AUTHORIZED TO APPL TPX.
Add an entry #0001046 to the SAMT table and RELOAD to activate new table.