ACF2 SECURITY logonids Unable to use File Manager MQ component

search cancel

ACF2 SECURITY logonids Unable to use File Manager MQ component

book

Article ID: 141232

calendar_today

Updated On: 10-16-2023

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

ACF2 logonids with NON-CNCL and SECURITY are allowed access to all datasets and resources so access cannot be prevented to the File Manager MQ FACILLITY class resource FMNMQ.DISABLE.system_name using ACF2 resource rules.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Since ACF2 logonids with NON-CNCL and SECURITY are allowed access to all datasets and resources so access cannot be prevented to the File Manager MQ FACILLITY class resource FMNMQ.DISABLE.system_name using ACF2 resource rules.

To prevent logonids with NON-CNCL or SECURITY access to the File Manager MQ FACILLITY class resource FMNMQ.DISABLE.system_name the following SAFDEF can be used.

ACF
SET CONTROL(GSO)
INSERT SAFDEF.FMMQ FUNCRET(20) FUNCRSN(0) ID(FMMQ) MODE(IGNORE) -
NOAPFCHK RACROUTE(REQUEST=AUTH CLASS=FACILITY ENTITY=FMNMQ.DISABLE.system_name) -
RETCODE(0) USERID(*******)
F ACF2,REFRESH(SAFDEF)

Additional Information

For details see IBM File Manager for z/OS V14.1 documentation Section: Disabling Websphere MQ feature by system name.

Feedback

Was this article helpful?

thumb_up Yes

thumb_down No