FACILITY resource IEAABD.DMPAUTH: access is not allowed to a user with UPDATE authority; only READ allows access

Article ID: 276815

Products

ACF2 - z/OS

Issue/Introduction

  • A user who has UPDATE or greater authority to the IEAABD.DMPAUTH resource can obtain program dumps.
  • A user who has READ authority to the IEAABD.DMPAUTH resource can obtain program dumps unless a program was fetched from a library to which the user has only EXECUTE authority. A user cannot obtain a dump of a program to which the user has only EXECUTE authority.

Resolution

If a resource validation request asks for read access, the resource rule needs to specify either read access, with SERVICE(READ), or all access, with ALLOW.

When the validation for the facility class resource IEAABD.DMPAUTH requests READ access, the user needs read access.
If the validation requests update authority, then the user needs update authority.
In RACF terms, a user with update authority will also have read access.
In ACF2, the permission is not hierarchical: you need read access for read and update access for update.
Note that ACF2 is not issuing these validations; they come from IBM code as a read request.
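
An added example, not part of the original article or vendor code: a small Python check that models the non-hierarchical behavior described above and flags rule lines for IEAABD.DMPAUTH that grant UPDATE without READ. The rule text and UID strings are constructed, and the parser assumes the simple `UID(...) SERVICE(...) ALLOW|LOG|PREVENT` line form with no other keywords.

```python
import re

# Constructed sample of decompiled ACF2 resource rule lines (TYPE FAC).
# UID strings are placeholders, not values from the article.
SAMPLE_RULE = """\
$KEY(IEAABD.DMPAUTH) TYPE(FAC)
 UID(PAYROLL-) SERVICE(UPDATE) ALLOW
 UID(SYSPROG-) SERVICE(READ,UPDATE) ALLOW
 UID(OPER-) SERVICE(READ) ALLOW
 UID(AUDIT-) ALLOW
 UID(*) PREVENT
"""

# RACF access levels, lowest to highest.
RACF_LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Assumption: one rule entry per line, keywords in this order only.
LINE_RE = re.compile(
    r"UID\((?P<uid>[^)]*)\)"
    r"(?:\s+SERVICE\((?P<svc>[^)]*)\))?"
    r"\s+(?P<action>ALLOW|LOG|PREVENT)\b"
)

def racf_permits(granted, requested):
    """RACF model: levels are hierarchical, so UPDATE implies READ."""
    return RACF_LEVELS.index(granted) >= RACF_LEVELS.index(requested)

def acf2_line_permits(services, action, requested):
    """ACF2 model: the requested service must be listed; no SERVICE means all."""
    if action == "PREVENT":
        return False
    return services is None or requested in services

def parse_rule(text):
    """Return (uid, services-or-None, action) for each rule entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            svc = m.group("svc")
            services = None if svc is None else {s.strip().upper() for s in svc.split(",")}
            entries.append((m.group("uid"), services, m.group("action")))
    return entries

def update_without_read(text):
    """UID strings granted UPDATE that would still fail a READ validation."""
    return [uid for uid, services, action in parse_rule(text)
            if acf2_line_permits(services, action, "UPDATE")
            and not acf2_line_permits(services, action, "READ")]
```

Entries this check reports need READ added to their SERVICE list, or the SERVICE keyword removed, before the IBM read validation will succeed.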

Additional Information

Example of defining the IEAABD.DMPAUTH profile