Why does a LOGONID with the SECURITY privilege get violations for the resource class SURROGAT?

search cancel

Why does a LOGONID with the SECURITY privilege get violations for the resource class SURROGAT?

book

Article ID: 25334

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

LOGONIDs with the SECURITY or NON-CNCL privilege get RSUR-logonid.SUBMIT resource violations for the SURROGAT resource class. The user also gets the message ACF01007 A PASSWORD IS REQUIRED FOR LOGONID xxxxxxxx.

Environment

Release:
Component: ACF2MS

Cause

CA ACF2 has special code in place for SURROGAT calls.

Resolution

Resource class SURROGAT validations check to see if one user has the authority to use another user's LOGONID without knowing the password. SECURITY or NON-CNCL privileges do not allow a user to use someone else's LOGONID without knowing the password - there must be a SURROGAT resource rule allowing access.

Feedback

thumb_up Yes

thumb_down No