Release : 16.0
Component : ACF2 for z/OS
an HFS sectrace showed that when opening a directory a readlink event occurs.
The readlink requires access to the $KEY(/etc) per above documentation.
CAS2319I TRACEID=HFS USER=USER01 JOBNAME=USER01
SAF FASTAUTH return codes: 00000000/00000000/00000000
Exit with return code = 00
CAS2319I TRACEID=HFS USER=USER01 JOBNAME=USER01 620
SAF FASTAUTH return codes: 00000008/00000008/00000000
Exit with return code = 08
CAS2312E USER01 - READ ACCESS DENIED 621
This proves that the problem relates to the READLINK event requiring the $KEY(/etc) resource rule.
Access is required to both the link name and the symbolic that it points to.
Without access to the link name you cannot point to the symbolic.
That is why the symbolic link looked like data had been removed when the rule was deleted.