When trying to change an existing rule for z/OSMF. Modifying acf2.CAX1JCL0(ACFMFSEC) JCL, several rule updates failed with message ACF70046.
RECKEY BPX ADD(CONSOLE ROLE(IZUADMIN) SERVICE(READ) ALLOW)
ACF70046 29 INVALID PARAMETER VALUE FOR KEYWORD - ROLE COMPILER TERMINATING.
Why is this happening?
Release : 16.0
Component : CA ACF2 for z/OS
UID rule entries cannot be used in the same rule as ROLE or USER entries.
If you have a rule that is defined as a roleset and you want to change
it to a UID ruleset, you would need to delete the old rule and create a new rule.
If you have a rule that is defined as a UID ruleset and you want to
change it to a ROLEset with USER or ROLE entries, you also need to delete the original
rule and create a new rule defined as a ROLEset.
If you are converting a ROLE to UID you would need to add UID entries in the ruleset
that would match all users that would be connected to the original role.
If you are converting a UID rule to a role, you will need to create a role for all
users that would match the uid string.