Setting up z/OS Connect server gets an ACF2 violation for class CBIND

book

Article ID: 198045

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

Working on a project for z/OS Connect server, gets a violation in ACF2

the ACF2 Resource Violation report:

RSAF-ABC.BIND.NAME1.NAME2.NAME3                *VIO  RSAF-ABC                      

SHRYDMUFKST    123       STCINRDR PRD1 ACF9CFAT NO-REC      -     DIRECTRY READ      

24.237 08/24 15.53    PRD1     PRD1     PRD1 SUBSYSTEM         0   8   0   0  16    

SAF RESOURCE CLASS CBIND

RESOURCE NAME: ABC.BIND.NAME1.NAME2.NAME3                                           

       

What is needed in ACF2?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

CBIND by default uses type code SAF.  The recommendation is to use a unique type code for different classes to make it easier to differentiate between them when there is a problem.  With that in mind, first a CLASMAP record is needed.

SET CONTROL(GSO)
INSERT CLASMAP.cbind RESOURCE(CBIND) RSRCTYPE(cbi) ENTITYLN(41)
 
also, this call is using RACROUTE=FASTAUTH, so a resident directory is needed. 
 
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RCBI) ADD
 
then refresh the two records at a console:
 
F ACF2,REFRESH(CLASMAP)
F ACF2,REFRESH(INFODIR)
 
Now a rule can be inserted like so:
 
$KEY(ABC) TYPE(CBI)
 BIND.NAME1.NAME2.NAME3  UID(uid string of user) SERVICE(READ) ALLOW
 
there will be a prompt to rebuild the rule:

F ACF2,REBUILD(CBI)