Development and Test CICS regions do not seem to be using the CICS transaction groups for access validation.
For example:
This region is not using transaction groups
RCKD-CEMT TRC RCKD-CEMT
XXXXX E066 SYSX ACFAERUL NO-RULE - DIRECTRY
23.073 14/03 14.11 CICSXX XXXXX ISI: USERID NAME 0 0 20 0 16
RESOURCE NAME: CEMT
and this region is
RCKZ-CEMT TRC RCKZ-C#CICS_OPS
XXXXX E066 SYSX ACFAERUL RULE - DIRECTRY
23.073 14/03 13.16 CICSYY XXXXX ISI: USERID NAME 0 0 0 0 0
RESOURCE NAME: CEMT
Release : 16.0
The difference between the two CICS regions is that the region that is using type CKD has a rule for $KEY(CEMT).
The region using CKZ does not have a rule for CEMT.
Resource grouping will only work if there is no rule with the specific keys being requested.
The violation shows that there is a rule with $KEY(CEMT) - see NO-RULE in the logging.
RCKD-CEMT TRC RCKD-CEMT
XXXXX E066 SYSX ACFAERUL NO-RULE - DIRECTRY
23.073 14/03 14.11 CICSXX XXXXX ISI: CON VASILIKAKIS 0 0 20 0 16
RESOURCE NAME: CEMT
NO-RULE means there is a ruleset with the key but there is no rule line that matches the environment.