search cancel

CICS ACF2LOG statistics show a count of ACF2 Resource Violations that cannot be matched by inspection of the ACFRPTRV report nor the CICS joblog. What accounts for this difference?

book

Article ID: 186990

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS

Issue/Introduction

ACF2LOG statistics show a count of ACF2 Resource Violations that cannot be matched by inspection of the ACFRPTRV report nor the CICS joblog. What accounts for this difference?

ACFM FUNCTION SD/GENERAL -- GENERAL INTERACTION WITH THE HOST ACF2 SYSTEM

-------------------------------------------------------------------------

A) CURRENT USERS SIGNED ON  . . . . . . . . . . . . . . . . . .  2

B) TOTAL CA ACF2 CICS SIGN ON ACTIONS . . . . . . . . . . . . .  6

C) TOTAL CA ACF2 CICS SIGNOFF ACTIONS . . . . . . . . . . . . .  4

D) TOTAL NUMBER OF TERMINAL TIMEOUT SCANS PERFORMED . . . . . .  0

E) NUMBER OF USERS SIGNED OFF DURING TIMEOUT SCANS  . . . . . .  0

F) TOTAL ACF2 RESOURCE RULE INTERPRETS  . . . . . . . . . . . .  308

G) TOTAL ACF2 RESOURCE VIOLATIONS DETECTED  . . . . . . . . . .  147

H) TOTAL ACF2 DATASET RULE INTERPRETS . . . . . . . . . . . . .  0

I) TOTAL ACF2 SVC-A REQUESTS MADE . . . . . . . . . . . . . . .  2

 
 

Cause

There can be numerous different types of validations included in the ACF2LOG resource violation count that do not show up in the joblog nor in the RV report.
 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

There can be numerous different types of validations included in the ACF2LOG resource violation count that do not show up in the joblog nor in the RV report.
 
For example, one violation that is not normally logged is a RACROUTE AUTH or FASTAUTH call which specified LOG=NONE or LOG=NOFAIL or LOG=NOSTAT.

Also, any site code which uses the ACGRENT parameter list in calling the ACF2 SVC can result in multiple validations of access for just one SVC call.

Other violations that are counted by the ACF2LOG report will not be seen anywhere else unless you have TRACE set on the related LID.
 
To see all of those ACF2LOG violations you would have to have TRACE set on all LIDs using the CICS region (this isnot recommended)