One person who is setup under ACF2 can send an API to the mainframe and access the Console and another person who is set up like the other one does not get a response back from sending API to the mainframe. What is needed to debug the issue?
Release : 16.0
Component : CA ACF2 for z/OS
The easiest approach to debug 'console access' problems would be to put the logonid TRACE bit on both logonids, have both users access the console and then run the ACFRPTRV report to see what resource validations are done for each logonid.
If use of the TRACE bit does not identify the cause of the problem, the next course of action would be to use SETRACE. If this is occurring on a test system an open SECTRACE can be set with a small window to trace all calls just for the console access. It is expected that the calls would be RACROUTE AUTH calls for resource class OPERCMDS however there could be other RACROUTE calls that are involved. For example:
The SECTRACE records can be printed using the ACFRPTST report. Sample JCL follows.
//REPORT EXEC PGM=ACFRPTST,PARM=('DETAIL')
//SYSPRINT DD SYSOUT=*
//* THE FOLLOWING DDS SHOULD POINT TO THE SMF DATASETS
//RECMAN1 DD DISP=SHR,DSN=SYS1.MAN4
//RECMAN2 DD DISP=SHR,DSN=SYS1.MAN5
//RECMAN3 DD DISP=SHR,DSN=SYS1.MAN6
Another area to investigate are a site's IKJ exits which can impact console access.