How can the ACFRPTDS report showing a violation be used to write a rule in ACF2?
Article ID: 185826
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
LDAP SERVER FOR Z/OS
PAM CLIENT FOR LINUX ON MAINFRAME
WEB ADMINISTRATOR FOR TOP SECRET
The ACFRPTRV report picks up this violation:
R009777 20.063 03/03 09.53 DATASET VIOLATION RKEY=#PPAGCY
P1AMSRPT VOL=ABCABC DDN=PANDD1 DSN=ABC.DEF.PPANLIB
STEP0010 VOL=ABCABC PGM=PAN#2 LIB=CAI.ABC.V123.CBA3LINK
JOB11934 DA-OPN UPDATE $MODEAB NAM=AMIT SETHI ROL=ABCMD
AUL1 SRC=V0020 UID=AH010A01234 R009777
How should a rule be written?
If the user R009777 is getting a violation for update access to dataset ABC.DEF.PPANLIB, the dataset rule needed would be
DEF.PPANLIB UID(AH010A01234*R009777) R(A) W(A)
Then the user would need to log off and back on for the new rule to take effect.
Release : 16.0
Component : CA ACF2 for z/OS
From the output, we can see that the call is coming in as an update. This is irrespective of what you think it should be doing.
E009736 20.063 03/03 09.53 DATASET VIOLATION RKEY=#PPAGCY
P1AMSRPT VOL=STOR3D DDN=PANDD1 DSN=PAN.AGCY.PPANLIB
STEP0010 VOL=SWOEMA PGM=PAN#2 LIB=CAI.PAN.V146.CBA3LINK
JOB11934 DA-OPN UPDATE $MODEAB NAM=AMIT SETHI ROL=%CMDL2
AUL1 SRC=V0020 UID=AH010H13000 E009736
If the user needs access to this dataset, as suggested before, the rule needs to give this user access to read(a) and write(a).