Why does the TEST command show that the ALLOW rule is being used while the ACFRPTRV report shows LOG, as shown below?
Resource Rule:
$KEY(PARKBURG) TYPE(SPL)
*-.OS-.- UID(*) SERVICE(READ) LOG
- UID(**STC***123) ALLOW
- UID(**STC) LOG
- UID(*) SERVICE(READ) LOG
Test Command:
SET RESOURCE(SPL)
RESOURCE
TEST PARKBURG
. RSRCNAME(TEST.ABC.DEF.GHI.JKL.MNOP) UID( STC ABCD) NOPREFIX
ACF71114 THE FOLLOWING PARAMETERS ARE IN EFFECT:
DATE=06/23/22 TIME=0908 SOURCE=******** UID= STC 123
LID= ROLE=
TARGET RESOURCE: TEST.ABC.DEF.GHI.JKL.MNOP
VALIDATED RULE LINE FROM TEST TYPE SPL
- UID(**STC***123) ALLOW
RESULT: ACCESS WOULD BE ALLOWED
REASON: RESOURCE RULE
ACFRPTRV Report:
CA ACF2 - ACFRPTRV - GENERALIZED RESOURCE LOG - PAGE 1
DATE 06/23/22 (22.174) TIME 08.53 ACFRPTRV - LOG
DATE TIME SOURCE JNAME LID NAME DISP REC SERV LOOKUP-KEY
PRE PST RMC INT FIN UID CPU MODULE KEY-MOD DSP-MOD REQUESTED RESOURCE
MLS USER-SECLABEL RSRC-SECLABEL MODE SRC RRC RSN
22.174 06/23 08.43 STCINRDR ABCD ABCD ABCD STC ID -P RULE LOG READ RSPL-TEST
0 0 0 4 4 STC STC ABCD P1 ACF9CAUT DIRECTRY - RSPL-TEST
SAF RESOURCE CLASS JESSPOOL
RESOURCE NAME: TEST.ABC.DEF.GHI.JKL.MNOP
The resource validation is being done from the more specific rule entry -.OS-.- UID(*) SERVICE(READ) LOG, which is the first entry in the rule below:
$KEY(PARKBURG) TYPE(SPL)
*-.OS-.- UID(*) SERVICE(READ) LOG
- UID(**STC***123) ALLOW
- UID(**STC) LOG
- UID(*) SERVICE(READ) LOG
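The TEST command above was entered without a SERVICE parameter, while the logged request in the ACFRPTRV report was a READ. Changing the test command by adding SERVICE(READ) shows the correct results.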