The ACFRPTRV report picks up this violation:
R009777 20.063 03/03 09.53 DATASET VIOLATION RKEY=#PPAGCY
P1AMSRPT VOL=ABCABC DDN=PANDD1 DSN=ABC.DEF.PPANLIB
STEP0010 VOL=ABCABC PGM=PAN#2 LIB=CAI.ABC.V123.CBA3LINK
JOB11934 DA-OPN UPDATE $MODEAB NAM=FIRST LASTT ROL=ABCMD
AUL1 SRC=V0020 UID=***********9777
How should a rule be written?
Release : 16.0
Component : CA ACF2 for z/OS
If the user R009777 is getting a violation for update access to dataset ABC.DEF.PPANLIB, the dataset rule needed would be
$key(ABC)
DEF.PPANLIB UID(***********9777) R(A) W(A)
Then the user would need to log off and back on for the new rule to take effect.
From the output, we can see that the call is coming in as an update. This is irrespective of what you think it should be doing.
E009736 20.063 03/03 09.53 DATASET VIOLATION RKEY=#PPAGCY
P1AMSRPT VOL=STOR3D DDN=PANDD1 DSN=PAN.AGCY.PPANLIB
STEP0010 VOL=SWOEMA PGM=PAN#2 LIB=XXXI.PAN.V146.CBA3LINK
JOB11934 DA-OPN UPDATE $MODEAB NAM=AMIT SETHI ROL=%CMDL2
AUL1 SRC=V0020 UID=***********9777
NEXTKEY: PAN
If the user needs access to this dataset, as suggested before, the rule needs to give this user access to read(a) and write(a).