Receiving ACF2 message ACF70046 when trying to compile a rule for z/OSMF

book

Article ID: 207272

calendar_today

Updated On:

Products

CA ACF2 - z/OS

Issue/Introduction

When trying to change an existing rule for z/OSMF. Modifying acf2.CAX1JCL0(ACFMFSEC) JCL, several rule updates failed with message ACF70046.

SET RESOURCE(FAC)
RECKEY BPX ADD(CONSOLE ROLE(IZUADMIN) SERVICE(READ) ALLOW)
ACF70046 29 INVALID PARAMETER VALUE FOR KEYWORD - ROLE COMPILER TERMINATING. 

Why is this happening?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

UID rule entries cannot be used in the same rule as ROLE or USER entries. 

If you have a rule that is defined as a roleset and you want to change
it to a UID ruleset, you would need to delete the old rule and create a new rule.
If you have a rule that is defined as a UID ruleset and you want to
change it to a ROLEset with USER or ROLE entries, you also need to delete the original
rule and create a new rule defined as a ROLEset.
If you are converting a ROLE to UID you would need to add UID entries in the ruleset
that would match all users that would be connected to the original role.
If you are converting a UID rule to a role, you will need to create a role for all
users that would match the uid string.