How can the ACFRPTRV report showing a violation be used to write a rule in ACF2?
Article ID: 185789
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
LDAP SERVER FOR Z/OS
PAM CLIENT FOR LINUX ON MAINFRAME
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
The ACFRPTRV report picks up this violation:
RLOG-LGRPPPS.CA7.CA7Q *VIO RLOG-LGRPPPS
STC CALOGGER STCINRDR EPRD ACF9CAUT NO-REC - DIRECTRY UPDT
20.064 03/04 10.01 CALOGGER CALOGGER STC CALOGGER 0 0 20 0 16
SAF RESOURCE CLASS LOGSTRM
RESOURCE NAME: LGRPPPS.CA7.CA7Q
How should a rule be written?
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
The rule would look like this:
$KEY(LGRPPPS) TYPE(LOG)
CA7.CA7Q UID(STC**********CALOGGER) SERVICE(READ UPDATE) ALLOW
Then you would restart the STC (or address space) for the new rule to take effect.
$KEY(LGRPPPS) TYPE(LOG)
CA7.CA7Q UID(STC**********CALOGGER) SERVICE(READ UPDATE) ALLOW
Then you would restart the STC (or address space) for the new rule to take effect.
Feedback
Yes
No
Powered by
