I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?
search cancel

I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?

book

Article ID: 15096

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?

Environment

Release:
Component: ACF2MS

Resolution

The 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message is based on comparing the privileges(SECURITY, ACCOUNT, and LEADER) of the logonid issuing the INSERT command to the authority requirements the @CFDE macro of the fields specified on the INSERT command. 

If the ALTER= parameter of the entry has "ALTER=SECURITY" and not ALTER=SECURITY+ACCOUNT" then that would explain why the ACF00103 error is occurring. 

Please note the CASECAUT Resource check for ACFCMD.USER.CANCEL is only checked for CHANGE commands not INSERT commands so the $KEY(ACFCMD.USER.CANCEL) TYPE(AUT) rule would allow CHANGE id CANCEL but not INSERT id CANCEL.