A new volume was created under control of SMS.  Users had a violation ACF99913 ACF2 VIOLATION-08,06 on SYS1.VVDS of VOLSER volser.  The cause was there was no VVDS for allocation on VSAM files.    According to IBM, "when the catalog address space makes the call to DADSM to create the VVDS it sets flags in the PLIST so that no RACF checking is done "  Can ACF2 turn off the security checking of the VVDS for new volumes?

Release : 16.0

Component : CA ACF2 for z/OS

ACF2 does not turn off validation of VVDS under a DADSM call.  ACF2 checks for rules under SYS1.VVDS.  ACF2 looks at this as a feature as sites can then decide what volumes have VSAM and what volumes don't.  Rules can be written to a volume level.  ACF2 Support recommends only a System Programmer or the Storage group have the ALLOCATE rule for the dataset.  All other users can then read and write to it.

$KEY(SYS1)
VVDS UID(-) VOLUME(volname1) R(A) W(A) E(A) 
VVDS UID(uid of sysprogs) VOLUME(volname1) R(A) W(A) A(A) E(A)
VVDS UID(uid of storage group) VOLUME(volname1) R(A) W(A) A(A) E(A) 
VVDS UID(-) VOLUME(volname2) R(A) W(A) E(A) 
VVDS UID(uid of sysprogs) VOLUME(volname2) R(A) W(A) A(A) E(A)
VVDS UID(uid of storage group) VOLUME(volname2) R(A) W(A) A(A) E(A)