search cancel

Getting message Resource ACF04056 Violation in ACF2

book

Article ID: 190239

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 - z/OS ACF2 - MISC

Issue/Introduction

Receiving below ACF2 error  message
ACF04056 ACCESS TO RESOURCE DISPLAY.GROUPS TYPE RSAF BY AB12345 NOT AUTHORIZED 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Anytime message ACF04056 is received it means that the user doesn't have access to the resource mentioned. If the message is:
'ACF04056 ACCESS TO RESOURCE DISPLAY.GROUPS TYPE RSAF BY AB12345 NOT AUTHORIZED' user AB12345 doesn't have the access requested to class SAF resource DISPLAY.GROUPS.
Note that the TYPE field in the resource rule should just be the last 3 characters of the TYPE field in the ACF04056 message. The ACF04056 error provides the R in front as normal ACF2 resource records contain an R in the record key before the 3 character type code.

In order to find what access was attempted, run the ACFRPTRV report against the active SMF at the time of the ACF04056 violation for the user. Decompile the rule. Find the access that was attempted and write rules accordingly.

Sample TSO, ACF command to DECOMP a Resource rule:

ACF
SET RESOURCE(SAF)
DECOMP DISPLAY

Sample ACFRPTRV JCL:

//REPORT  EXEC PGM=ACFRPTRV                     
//SYSPRINT DD SYSOUT=*      
//* THE FOLLOWIND DDS SHOULD POINT TO  CURRENT SMF
//* THE "D SMF" OPERATOR COMMAND CAN BE USED TO LIST CURRENT SMF                   
//RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1            
//RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2            
//RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3            
//SYSIN    DD *                                 
TITLE(ACFRPTRV)                                 
MASK(AB12345)                                   
/*