Where is resource access violation count recorded for any logonid in ACF2/CICS interface?
search cancel

Where is resource access violation count recorded for any logonid in ACF2/CICS interface?

book

Article ID: 223829

calendar_today

Updated On:

Products

ACF2

Issue/Introduction

Is the violation count recorded on logonid and CICS records?

Environment

Release : 16.0

Component :

Resolution

The MAXVIO setting in the ACF2PARM OPTION record is only for the users signed on to that CICS region.

The violation count when the ID crosses max resource violation is recorded under user logonid under SEC-VIO statistics. SEC-VIO count is the total number of violations the user had since the creation of the id as shown below:

list ABCDE                                                                  
  ABCDE                ABCDE                           
                       COMPANY(S) DEPT() IDNUM() LEVEL(1) LOCATION(ZZZZ)       
                       OLDLID() OWNER() OWNTYPE() POSITION() PROJECT() SITE(2)
  CANCEL/SUSPEND       TRACE                                                   
  PRIVILEGES           ACCOUNT ACTIVE(06/12/89) CICS DUMPAUTH JOB MOONSHOT     
                       PWPALLOW REFRESH SECURITY TSO VM                        
  ACCESS               ACC-CNT(127) ACC-DATE(09/14/21) ACC-SRCE(99999999)      
                       ACC-TIME(07:39)                                         
  PASSWORD             KERB-VIO(0) KERBCURV() PSWA1TOD(04/30/21-11:36)         
                       PSWA2TOD(00/00/00-00:00) PSWD-DAT(00/00/00) PSWD-INV(0)
                       PSWD-SRC(99999999) PSWD-TIM(13:48)                      
                       PSWD-TOD(04/30/21-11:36) PSWD-VIO(0) PSWDCVIO(2)        
                       PWP-DATE(00/00/00) PWP-VIO(0)                           
  TSO                  ATTR2(9999) CONSOLE DFT-PFX8(ABCDE) DFT-SOUT(A)      
                       DFT-SUBM(A) INTERCOM JCL LGN-ACCT LGN-PROC LGN-SIZE     
                       LINE(ATTN) MAIL MODE MSGID NOTICES OPERATOR PROMPT      
                       TSOACCT(0000013) TSOFSCRN TSOPROC(TSOPROC)             
                       TSORGN(2,147,483,647) TSOSIZE(4,096) WTP                
  STATISTICS           CRE-TOD(04/30/21-06:51) SEC-VIO(10)                      
                       UPD-TOD(09/14/21-07:39)                                 
  CICS                 CICSCL(999999) CICSRSL(999999)                          
  RESTRICTIONS         GROUP(DFTGRP) PREFIX(ABCDE)                          
 ACF

                                                                         

There is another SUSPEND RULE=YES|NO option in ACF2/CICS interface. It specifies if users are suspended during resource validation if the violation count reaches the established threshold.

YES-Specifies that the user is considered suspended during resource validation if the violation count reaches the threshold established by host system controls.
NO-Indicates that suspension does not occur for violations.

When the CICS user is SUSPENDed due to exceeding the MAXVIO the user's logonid will have the SUSPEND bit set along with the CSWHO(CICSlogonid) set where CICSlogonid is the CICS task's logonid as shown below:

CANCEL/SUSPEND       CSDATE(09/14/21) CSWHO(CICS logonid) SUSPEND

There is no way to display the internal counter of ACF2 though to view the current value of security violations for the day. 

Powered by Wolken Software