search cancel

How to determine what resource rule to write for ACF2?

book

Article ID: 187103

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC

Issue/Introduction

Here is an issue that was reported by a user trying to set up z/OS Connect API functionality and receiving error message:

CWWKS2909E: A SAF authentication or authorization attempt was rejected because the server is not authorized to access the following SAF resource: APPL-ID BBGZDFLT. Internal error code 0x03008108

[3/17/20 19:37:36:401 GMT] 0000002b id=c9dff7d0 com.ibm.ws.security.saf.SAFExceptioncom.ibm.ws.security.saf.SAFException: CWWKS2909E: A SAF authentication or authorization attempt was rejected because the server is not authorized to access the following SAF resource: APPL-ID BBGZDFLT. Internal error code 0x03008108


[3/17/20 19:37:36:403 GMT] 0000002b id=c9dff7d0 com.ibm.ws.security.saf.SAFException
< getMessage Exit
CWWKS2909E: A SAF authentication or authorization attempt was rejected because the server is not authorized to access the following SAF resource: APPL-ID BBGZDFLT. Internal error code 0x03008108.
[3/17/20 19:37:36:401 GMT] 0000002b id=c9dff7d0 com.ibm.ws.security.saf.SAFException
< <init> Exit 
com.ibm.ws.security.saf.SAFException: CWWKS2909E: A SAF authentication or authorization attempt was rejected because the server is not authorized to access the following SAF resource: APPL-ID BBGZDFLT. Internal error code 0x03008108.

How to determine what resource rule to write for ACF2?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The steps need to find and create a resource rule if needed include:

  • running the ACFRPTRV for a user
  • determining what resource(s) user is trying to access
  • write a rule to give appropriate access to the user

Additional Information

ACFRPTRV
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/reporting/acfrptrv-resource-event-log.html#toccontentbroadcomtechdocsusencamainframesoftwaresecuritycaacf2forzos160administratingadministerrulesresourceruleshtmlResourceRules