ACF2 user gets a violation for a resource rule that should allow access.

Article ID: 196411

Products

CA ACF2, CA ACF2 - z/OS, CA ACF2 - MISC

Issue/Introduction

ACF2 access error for an authorized user.
ACF04056 ACCESS TO RESOURCE WUI.WUIXE.MENU.STARTMENU TYPE RFAC BY TESTID NOT AUTHORIZED

The resource rule is:

$KEY(WUI.WUIXE.MENU.START***********) TYPE(FAC)
  UID(PRODCICS*****DFTCICSA) SERVICE(UPDATE) ALLOW
  UID(PRODCICS*****DFTCICS) SERVICE(UPDATE) ALLOW
  UID(DIV1*****DVSRT) SERVICE(UPDATE) LOG
  UID(DIV3*****HID55) SERVICE(UPDATE) LOG
  UID(DIV3*****DFSTKN) SERVICE(UPDATE) LOG
  UID(DIV6*****SFERN) SERVICE(UPDATE) LOG
  UID(DIV6****SFRE9U) SERVICE(UPDATE) LOG

Environment

Release: 16.0

Component: CA ACF2 for z/OS

Resolution

After reviewing the ACFRPTRV report, the problem is visible:

CA ACF2 - ACFRPTRV - GENERALIZED RESOURCE LOG -                 PAGE    1
 DATE mm/dd/yy (yy.ddd) TIME hh.mm

 REQUESTED RESOURCE                               REC  LOOKUP KEY
 UID                      SOURCE   CPU  MODULE   DISP     DSP-MOD  KEY-MOD  SERV
     DATE     TIME     JNAME    LID      NAME                 PRE RMC INT PST FIN
 MLS     USER-SECLABEL RSRC-SECLABEL MODE   SRC     RRC      RSN

 RFAC-WUI.WUIXE.MENU.STARTMENU    *VIO  RFAC-WUI.WUIXE.MENU.START*****
 DIV1       HID55         *DEFAULT XSYS ACF9CAUT NO-RULE     -     DIRECTRY READ
 yy.ddd mm/dd hh.mm    WWGT56FS H33733   BRENNAN          -P    0   0  20   0  16
 SAF RESOURCE CLASS FACILITY

 RESOURCE NAME: WUI.WUIXE.MENU.STARTMENU

The SERV column in the report shows that the request was for READ, but the rule only specifies SERVICE(UPDATE). READ needs to be added to the SERVICE list in the rule to allow the access:

$KEY(WUI.WUIXE.MENU.START***********) TYPE(FAC)
  UID(PRODCICS*****DFTCICSA) SERVICE(UPDATE) ALLOW
  UID(PRODCICS*****DFTCICS) SERVICE(UPDATE) ALLOW
  UID(DIV1*****DVSRT) SERVICE(UPDATE) LOG
  UID(DIV3*****HID55) SERVICE(READ UPDATE) LOG
  UID(DIV3*****DFSTKN) SERVICE(UPDATE) LOG
  UID(DIV6*****SFERN) SERVICE(UPDATE) LOG
  UID(DIV6****SFRE9U) SERVICE(UPDATE) LOG
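
The same comparison can be scripted. The following is an added example, not part of the original article or any Broadcom tooling: it reads the SERV value from the ACFRPTRV violation record and lists the rule entries whose SERVICE list does not include it. It assumes every rule entry spells out SERVICE(...) and an action as in the rule above, takes SERV to be the last column of the line following the *VIO line, and does not model UID mask matching.

```python
import re

# Original rule from the article (before READ was added).
RULE_BEFORE = """\
$KEY(WUI.WUIXE.MENU.START***********) TYPE(FAC)
  UID(PRODCICS*****DFTCICSA) SERVICE(UPDATE) ALLOW
  UID(PRODCICS*****DFTCICS) SERVICE(UPDATE) ALLOW
  UID(DIV1*****DVSRT) SERVICE(UPDATE) LOG
  UID(DIV3*****HID55) SERVICE(UPDATE) LOG
  UID(DIV3*****DFSTKN) SERVICE(UPDATE) LOG
  UID(DIV6*****SFERN) SERVICE(UPDATE) LOG
  UID(DIV6****SFRE9U) SERVICE(UPDATE) LOG
"""
# The article's fix: READ added to one entry.
RULE_AFTER = RULE_BEFORE.replace(
    "UID(DIV3*****HID55) SERVICE(UPDATE)",
    "UID(DIV3*****HID55) SERVICE(READ UPDATE)")

# First two detail lines of the ACFRPTRV record shown in the article.
REPORT = """\
 RFAC-WUI.WUIXE.MENU.STARTMENU    *VIO  RFAC-WUI.WUIXE.MENU.START*****
 DIV1       HID55         *DEFAULT XSYS ACF9CAUT NO-RULE     -     DIRECTRY READ
"""

ENTRY = re.compile(
    r"UID\(([^)]*)\)\s+SERVICE\(([^)]*)\)\s+(ALLOW|LOG|PREVENT)")

def parse_entries(rule_text):
    """Return [(uid_mask, {services}, action)] for each rule entry."""
    return [(uid, set(re.split(r"[,\s]+", svc.strip())), action)
            for uid, svc, action in ENTRY.findall(rule_text)]

def requested_service(report_text):
    """Return (resource, SERV) for the first *VIO record in the report text."""
    lines = report_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if "*VIO" in line:
            # Assumption: SERV is the last column of the line after the *VIO line.
            return line.split()[0], lines[i + 1].split()[-1]
    return None

def entries_missing(rule_text, service):
    """UID masks whose SERVICE list does not include the requested service."""
    return [uid for uid, services, _ in parse_entries(rule_text)
            if service not in services]

if __name__ == "__main__":
    resource, serv = requested_service(REPORT)
    print(resource, serv, "missing before:", entries_missing(RULE_BEFORE, serv))
    print("missing after:", entries_missing(RULE_AFTER, serv))
```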