A user gets a violation in ACF2 running SDSF: ACF04056 ACCESS TO RESOURCE SYSPLEX.OPERLOG TYPE RLGS

book

Article ID: 206838

calendar_today

Updated On:

Products

CA ACF2 - z/OS

Issue/Introduction

Users are getting violations from ACF2 accessing the log in SDSF:

ACF04056 ACCESS TO RESOURCE SYSPLEX.OPERLOG TYPE RLGS BY TSOUSER NOT AUTHORIZED 

 

 

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

According to the IBM manual z/OS SDSF Operation and Customization that is made when an access to the MVS LOGSTRM is made:

CLASS           SDSF Resource                                                            Resource Name

LOGSTRM     Access to the log stream, to display the OPERLOG     SYSPLEX.OPERLOG

The default CLASMAP for class LOGSTRM is SAF.  This violation points to a type code of LGS from the violation error message.  A rule needs to be written to allow access, one of two ways:

$KEY(SYSPLEX.OPERLOG) TYPE(LGS)
 UID(uid string of user) ALLOW

or

$KEY(SYSPLEX) TYPE(LGS)
 OPERLOG UID(uid string of user) ALLOW

Role records can also be used if this system is using ROLE records instead of UID strings in the rules.