ACF2 user gets a violation for a resource rule that should allow access.
search cancel

ACF2 user gets a violation for a resource rule that should allow access.

book

Article ID: 196411

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

ACF2 access error for an authorized user.
ACF04056 ACCESS TO RESOURCE xxx.MENU.STARTMENU TYPE RFAC BY user NOT AUTHORIZED

The resource rule is here

$KEY(xxx.MENU.START***********) TYPE(FAC)
  UID(uid of user) SERVICE(UPDATE) LOG

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

After reviewing the ACFRPTRV report, the problem is visible:

CA ACF2 - ACFRPTRV - GENERALIZED RESOURCE LOG -                 PAGE    1
 DATE mm/dd/yy (yy.ddd) TIME hh.mm

 REQUESTED RESOURCE                               REC  LOOKUP KEY
 UID                      SOURCE   CPU  MODULE   DISP     DSP-MOD  KEY-MOD  SERV
     DATE     TIME     JNAME    LID      NAME                 PRE RMC INT PST FIN
 MLS     USER-SECLABEL RSRC-SECLABEL MODE   SRC     RRC      RSN

 RFAC-xxx.MENU.STARTMENU    *VIO  RFAC-xxx.MENU.START*****
 uid of user          *DEFAULT sys1 ACF9CAUT NO-RULE     -     DIRECTRY READ
 yy.ddd mm/dd hh.mm    xxxxxxx yyyyyy   zzzzzz       -P    0   0  20   0  16
 SAF RESOURCE CLASS FACILITY

 RESOURCE NAME: xxx.MENU.STARTMENU

The SERVICE in the report shows READ, but the rule only shows UPDATE.  READ needs to be added to the rule to allow the access.

$KEY(xxx.MENU.START***********) TYPE(FAC)
  UID(uid of user) SERVICE(READ UPDATE) LOG

 

Powered by Wolken Software