
ACF2 won't let a scoped security administrator change the PREFIX field, getting ACF00112.


Article ID: 201819


Products

ACF2, ACF2 - z/OS, ACF2 - MISC

Issue/Introduction

When a scoped Security Admin using the test ID tries to create a new ID, the following error message is returned:

ACF
insert using(newtst) newid name(new id) prefix() dft-pfx(abc) nosuspend password(New_pswd)
ACF00112 SUPER SECURITY PRIVILEGES NEEDED TO CHANGE FIELD PREFIX

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The ACF2 Messages manual gives this reason for ACF00112:

Reason: The field you want to modify (fld) is marked with a RESTRICT flag. Only an unrestricted security administrator is authorized to modify this field.

The ACF2 manual, under @CFDE, describes FLAGS=RESTRICT as follows:
 
RESTRICT—Only unrestricted security administrators can change this field. This means users with the SECURITY privilege and no SCPLIST restrictions specified in their logonid records.

The ACFFDR as shipped by default defines PREFIX like this:

@CFDE  PREFIX,LIDPFX,CHAR,ALTER=SECURITY,LIST=ALL,    
            FLAGS=RESTRICT,PRTN=9,RRTN=1,GROUP=11  
 
If the scoped Security Admin has to change that field, then FLAGS=RESTRICT must be removed from the ACFFDR using the UM99901 usermod.
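
The following is an added example, not code from Broadcom or the ACF2 documentation: a Python script that reads ACFFDR source exported as text and lists the fields whose @CFDE entry carries FLAGS=RESTRICT, so the effect of a UM99901 change can be reviewed before and after. It assumes a trailing comma marks a continued operand list, as in the PREFIX entry above; the EXAMPLE1 entry and all function names are constructed for illustration.

```python
# Constructed sample: PREFIX is the entry quoted in this article; EXAMPLE1 is a
# made-up entry without RESTRICT, included for contrast.
SAMPLE_ACFFDR = """\
@CFDE  PREFIX,LIDPFX,CHAR,ALTER=SECURITY,LIST=ALL,
            FLAGS=RESTRICT,PRTN=9,RRTN=1,GROUP=11
@CFDE  EXAMPLE1,LIDEX1,CHAR,ALTER=SECURITY,LIST=ALL,
            PRTN=9,RRTN=1,GROUP=11
"""


def split_operands(text):
    """Split an operand string on commas that are outside parentheses."""
    parts, depth, current = [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
        else:
            current += ch
    return parts + [current] if current else parts


def parse_cfde(source):
    """Return {field name: {"alter": str, "flags": [str, ...]}} per @CFDE entry."""
    entries, pending = {}, ""
    for raw in source.splitlines():
        tokens = raw[:71].split()  # ignore column 72 onward (continuation mark, sequence)
        if not tokens or raw.startswith("*"):
            continue
        if tokens[0] == "@CFDE" and len(tokens) > 1:
            pending = tokens[1]          # first operand token; trailing remarks dropped
        elif pending:
            pending += tokens[0]         # continuation line
        else:
            continue
        if pending.endswith(","):        # assumption: trailing comma means "continued"
            continue
        ops, pending = split_operands(pending), ""
        kw = dict(op.split("=", 1) for op in ops if "=" in op)
        flags = kw.get("FLAGS", "").strip("()")  # FLAGS=X or FLAGS=(X,Y) sublist form
        entries[ops[0]] = {"alter": kw.get("ALTER", ""),
                           "flags": [f for f in flags.split(",") if f]}
    return entries


def restricted_fields(source):
    """Fields only an unrestricted security administrator can change."""
    return sorted(n for n, e in parse_cfde(source).items() if "RESTRICT" in e["flags"])


if __name__ == "__main__":
    for name in restricted_fields(SAMPLE_ACFFDR):
        print(f"{name}: FLAGS=RESTRICT, scoped administrators get ACF00112")
```

Running the same check against the ACFFDR source before and after the usermod shows exactly which fields lost the RESTRICT protection, which is worth recording with the change request.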

Additional Information

For review of the ACF2 Messages, go here:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os-messages/1-0/acf00-acf0d-messages/acf00-ca-acf2-database-management-support/acf00112.html

For review of @CFDE settings, go here:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/installing/implement-ca-acf2/post-installation-considerations/ca-acf2-field-definition-records-acffdr/cfde-create-field-definition-entry-macro.html