Using the ACF2 TEST command from TSO, ACF or from the ACF2 ISPF ACFTESTR panel gets 'NO RULE APPLIES IN RESOURCE RECORD ruleid TYPE xxx' and RESULT: ACCESS WOULD BE DENIED, why?

Release : 16.0

The issue has to do with the way the resource rule entries are coded as far as SERVICE. With the TEST command, when you omit the SERVICE keyword, ACF2 assumes ALL services. This is mentioned in section: 'Process Resource Rules'  sub-section 'TEST Subcommand/Keywords':

SErvice(Read,Add,Update,Delete,Execute)
Specifies the type of resource access tested. This access type can be READ, ADD, UPDATE, DELETE, or EXECUTE. Separate multiple access types with blank characters or commas as delimiters. When you omit the SERVICE keyword, ACF2 assumes ALL services. Execute access type does not work with CICS resource.

If the rule entries in the ruleid specify SERVICE, when using the TEST command from the panels or from TSO ACF SERVICE must be specified otherwise the RESULT: ACCESS WOULD BE DENIED occurs.

If there was  a rule entry 'ZOSMF ROLE(roletech) ALLOW' coded rather than 'ZOSMF ROLE(roletech) SERVICE(READ) ALLOW' then the TEST command with no SERVICE would work.