I have setup protection of Master Console Authority but the rules are ineffective. Why?

Users are not getting access to commands issued with master console authority even though there are appropriate OPR resource rules, there is a CLASMAP that maps OPERCMDS to OPR, and there is a USER OPERPARMS profile record with AUTH(MASTER)for each user. User authority shows up as INFO only, not MASTER.

Run a SECTRACE on the user to see if the AUTH call for class(OPERCMDS) entity(MCS.CONSOLE.xxxxx) is being ignored. If it is not ignored, verify the SECTRACE shows a subsequent EXTRACT call for the USER OPERPARMS segment. The EXTRACT call should have a return codes of 0/0/0. If the EXTRACT call is failing, then verify the USER OPERPARMS profile record was correctly defined for this user and reissue the REBUILD command:

F ACF2,REBUILD(USR),CLASS(P)

If the AUTH call is being ignored, verify the defined SAFDEF record matches the parameters shown in the SECTRACE. If they match, reissue the REFRESH command:

F ACF2,REFRESH(SAFDEF)