When starting a CICS region status server the following error is seen:
DFHCF0512 RACROUTE REQUEST=FASTAUTH for resource TESTPLEX gave R15=00000008,SAFPRRET=00000008,SAFPRREA=00000000.
DFHCF0513 Attempt to open table TESTPLEX was rejected by the external security manager.
What is causing this problem, and how can it be fixed?
The description of message DFHCF0512 states the following
DFHCF0512 RACROUTE REQUEST=FASTAUTH for resource resource gave R15=rc, SAFPRRET=retcode, SAFPRREA=rsncode.
Explanation: A coupling facility data table OPEN, SET or DELETE security check gave a non-zero return code.
This message indicates the resource name used for the check, the RACROUTE register 15 return code and the
external security manager return and reason codes returned in the SAF request parameter list.
System action: Access to the table is rejected with message DFHCF0513.
User response: See the documentation of the RACROUTE macro with REQUEST=FASTAUTH in
z/OS Security Server RACROUTE Macro Reference (GC28-1922) for the explanation of the return and
description of message DFHCF0513 is as follows
DFHCF0513 Attempt to open table table was rejected by the external security manager.
Explanation: A security check was performed by the
coupling facility data table server to determine whether
the connected region was allowed to open the named
table, and the external security manager indicated that
access was not allowed.
System action: The table open request is rejected.
User response: See the preceding message
DFHCF0512 for the specific reason that access was
rejected. Check that the correct table name was
specified. Ensure that the client region is authorized to
access the resource matching the table name (prefixed
by the server region userid if SECPRFX=YES was
specified) in the CICS file resource class (usually
Release : 16.0
Component : CA ACF2 for z/OS
The FCICFCT violoation is occurrimg outside of ACF2/cics and needs a rule for type SAF
(a different TYPE can be assigned by adding a clasmap record in ACF2 Control(GSO) )
The violation was for UPDATE access.
The resource class is FCICSFCT
The resource name in the validation is TESTPLEX
RSAF-TESTPLEX *VIO RSAF-TESTPLEX
CICSUIDCICS1 STCINRDR SYS2 ACF9CFAT NO-REC - DIRECTRY UPDT
20.191 07/09 12.53 CIC1JOB CICS1TEST CICS REGION 0 8 0 0 16
SAF RESOURCE CLASS FCICSFCT
RESOURCE NAME: TESTPLEX