Seeing RACF violations in the Web Viewer Startup task for users accessing reports using OM Web Viewer to view reports.
ICH408I USER(EAXXXXX ) GROUP(<group> ) NAME(<firstname>, <lastname>
BPX.SMF CL(FACILITY)
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
The RACF team is reluctant to grant universal read access to BPX.SMF profile as there is some risk as indicated below:
"There is some risk associated with the profile and you would not typically grant a UACC of READ. We are exploring applying the STIG standards and they have a control specifically for BPX.SMF (The IBM z/OS BPX.SMF resource must be properly configured.). If the SMF records do need to be created and we can figure out what type they are, we could at least limit the access to only that SMF type as per the link."
According to documentation:
It is not possible to limit the access to a specific SMF record type for Web Viewer.
It is not possible to turn off the option of creating SMF records for Web Viewer users.