Users are getting violations from ACF2 accessing the log in SDSF:

ACF04056 ACCESS TO RESOURCE SYSPLEX.OPERLOG TYPE RLGS BY TSOUSER NOT AUTHORIZED 

Release : 16.0

Component : CA ACF2 for z/OS

According to the IBM manual z/OS SDSF Operation and Customization that is made when an access to the MVS LOGSTRM is made:

CLASS           SDSF Resource                                                            Resource Name

LOGSTRM     Access to the log stream, to display the OPERLOG     SYSPLEX.OPERLOG

The default CLASMAP for class LOGSTRM is SAF.  This violation points to a type code of LGS from the violation error message.  A rule needs to be written to allow access, one of two ways:

$KEY(SYSPLEX.OPERLOG) TYPE(LGS)
 UID(uid string of user) ALLOW

or

$KEY(SYSPLEX) TYPE(LGS)
 OPERLOG UID(uid string of user) ALLOW

Role records can also be used if this system is using ROLE records instead of UID strings in the rules.