Why does a security administrator for ACF2 need access to datasets

Article ID: 210757

Products

ACF2 - z/OS

Issue/Introduction

Working on implementing automatic provisioning for TSO procedures and datasets.
A service account was created with ACCOUNT & SECURITY and access to a TSO procedure.
When attempting to run the script for the ACF2 service account to create a dataset for a user, the admin gets an ACF2 violation:

ACF99913 ACF2 VIOLATION-08,06,XXXXXXX,TSO103,ABC00123.ISPF.ISPPROF,N/A

This means that the service account needs access to *.ISPF.ISPPROF. Why is that needed when the admin has SECURITY and ACCOUNT?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

The security administrator also has RULEVLD, which means that the admin needed rules written for all resources.
If access to rules and the associated resources is required, remove RULEVLD.
After the RULEVLD privilege was removed from the service account, the security admin was able to successfully auto-provision a ruleset for ABC000123.ISPF.ISPPROF.