ACF2 user gets a violation for a resource rule that should allow access.
Article ID: 196411
Updated On:
Products
Issue/Introduction
ACF2 access error for an authorized user.
ACF04056 ACCESS TO RESOURCE WUI.WUIXE.MENU.STARTMENU TYPE RFAC BY TESTID NOT AUTHORIZED
The resource rule is here
$KEY(WUI.WUIXE.MENU.START***********) TYPE(FAC)
UID(PRODCICS*****DFTCICSA) SERVICE(UPDATE) ALLOW
UID(PRODCICS*****DFTCICS) SERVICE(UPDATE) ALLOW
UID(DIV1*****DVSRT) SERVICE(UPDATE) LOG
UID(DIV3*****HID55) SERVICE(UPDATE) LOG
UID(DIV3*****DFSTKN) SERVICE(UPDATE) LOG
UID(DIV6*****SFERN) SERVICE(UPDATE) LOG
UID(DIV6****SFRE9U) SERVICE(UPDATE) LOG
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
After reviewing the ACFRPTRV report, the problem is visible:
CA ACF2 - ACFRPTRV - GENERALIZED RESOURCE LOG - PAGE 1
DATE mm/dd/yy (yy.ddd) TIME hh.mm
REQUESTED RESOURCE REC LOOKUP KEY
UID SOURCE CPU MODULE DISP DSP-MOD KEY-MOD SERV
DATE TIME JNAME LID NAME PRE RMC INT PST FIN
MLS USER-SECLABEL RSRC-SECLABEL MODE SRC RRC RSN
RFAC-WUI.WUIXE.MENU.STARTMENU *VIO RFAC-WUI.WUIXE.MENU.START*****
DIV1 HID55 *DEFAULT XSYS ACF9CAUT NO-RULE - DIRECTRY READ
yy.ddd mm/dd hh.mm WWGT56FS H33733 BRENNAN -P 0 0 20 0 16
SAF RESOURCE CLASS FACILITY
RESOURCE NAME: WUI.WUIXE.MENU.STARTMENU
The SERVICE in the report shows READ, but the rule only shows UPDATE. READ needs to be added to the rule to allow the access.
$KEY(WUI.WUIXE.MENU.START***********) TYPE(FAC)
UID(PRODCICS*****DFTCICSA) SERVICE(UPDATE) ALLOW
UID(PRODCICS*****DFTCICS) SERVICE(UPDATE) ALLOW
UID(DIV1*****DVSRT) SERVICE(UPDATE) LOG
UID(DIV3*****HID55) SERVICE(READ UPDATE) LOG
UID(DIV3*****DFSTKN) SERVICE(UPDATE) LOG
UID(DIV6*****SFERN) SERVICE(UPDATE) LOG
UID(DIV6****SFRE9U) SERVICE(UPDATE) LOG
Feedback
