The ACFRPTRV report picks up this violation:
RLOG-XXXXXXX.CA7 *VIO RLOG-XXXXXXX STC CALOGGER STCINRDR SYSX ACF9CAUT NO-REC - DIRECTRY UPDT 20.064 03/04 10.01 CALOGGER CALOGGER CALOGGER 0 0 20 0 16 SAF RESOURCE CLASS LOGSTRM RESOURCE NAME: XXXXXXX.CA7
How should a rule be written?
Release : 16.0
Component : CA ACF2 for z/OS
The rule would look like this:
CA7 UID(**********CALOGGER) SERVICE(READ UPDATE) ALLOW
Then you would restart the STC (or address space) for the new rule to take effect.