What does an 8 8 40 on an R_DATALIB INITACEE IBM RACF callable mean?

The 8 8 40 is received because both of the following conditions are true:

1. There is no acid on the security file associated through Certificate Name Filtering with the digital certificate being passed on the R_DATALIB INITACEE IBM RACF callable service.
   
   In this example, users enter the system with a certificate subject that starts with:
   
   OU=NJ.OU=Sales.O=ABC Co
   
   These users are assigned ACID NJDEPT1 if the certificate was issued by the VeriSign certificate authority. If the subject matched but the certificate was issued by another certificate authority the user is assigned ACID NJDFLT.
   
   TSS ADD(NJDEPT1) CERTMAP(NJMAP1)
   LABLCMAP('NJ Dept 1 Map')
   TRUST
   IDNFILTR('OU=VeriSign Class 1 Individual Subscriber.O=VeriSign, Inc.L=Internet')
   SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
   TSS ADD(NJDFLT) CERTMAP(NJDFLT)
   LABLCMAP('NJ Default user')
   TRUST
   SDNFILTR('OU=NJ.OU=Sales.O=ABC Co')
   
   
2. ***AND*** The certificate is not owned by any user on the Top Secret Security File.
   
   To own a certificate created by Top Secret use the TSS GENCERT command.
   
   Example:
   
   TSS GENCERT(owing_acid) DIGICERT(digicertname) SUBJECTN(xxxxxxxxxxxxxxxxx).
   
   To own a certificate not created by Top Secret use the TSS ADD command.
   
   Example:
   
   TSS ADD(owning_acid) DIGICERT(digicertname) DCDSN(certificate.dataset) TRUST