Upgrade from z/OS 2.1 to z/OS.23 of 2 LPARs. Encountering a not authorized issue on one LOGON ID after upgrading z/OS and ACF2:
DFHMQ0758 E 04/16/2022 05:30:07 WEQCICSF CKBR 00231 Unable to START bridge task. EIBRESP=69 EIBRESP2=8. Userid MQLNKPD is not authorized.
The CICS-MQ bridge monitor is being run with the IDENTIFY or VERIFY authorization option. An EXEC CICS START command for the CICS-MQ bridge task failed with NOTAUTH or USERIDERR because the user ID is not authorized to start CICS-MQ bridge transactions or has been revoked.
SECTRACE shows EXTRACT with SFR/RFR= 4/8:8:
SMFID= ADCG TOD= 20:30:07.56 TRACEID= P3 USERID= WEQCICSF
JOBNAME= WEQCICSF ASID= 00EE PGM= DFHKETCB CURR RB= SVC217
SFR/RFR= 4/8:8 MODE= TASK APF= AUTHORIZED LOCKS= NONE
SAFDEF= GENXTRCT INTERNAL MODE= GLOBAL
FIELDS DATA AREA FOLLOWS
0001367F +000 00000009 C4C6D3E3 C7D9D740 C3C7C7D9 *....DFLTGRP CGGR*
0001368F +010 D7C3E340 C6D3C1C7 F4404040 D9C5E5D6 *PCT FLAG4 REVO*
0001369F +020 D2C5C4E3 D9C5E2E4 D4C5C4E3 C3C7C7D9 *KEDTRESUMEDTCGGR*
000136AF +030 D7D5D440 C3C7C6D3 C1C7F440 C3C7D9C5 *PNM CGFLAG4 CGRE*
000136BF +040 E5D2C4E3 C3C7D9C5 E2D4C4E3 *VKDTCGRESMDT*
Release : 16.0
Component : ACF2 for z/OS
The errors can occur because ACF2 APAR SO05647 was included with the upgrade to z/OS 2.3, and the apar corrects a problem the default OMVS group was being returned with 0/0:0 when no group should be returned with z/OS 2.1 and above. Once SO05647 is applied RACROUTE EXTRACT calls for the default group will fail(as it should) so logonids must have a GROUP defined .
After adding GROUP(OMVSDGRP) to the MQLNKPD logonid, recycling the CICS region and running the MQ related transaction the errors(DFHMQ0758 and EXTRACT CLASS=USER SFR/RFR= 4/8:8) no longer occurred.