ESF796 messages with reason UNKNOWN are issued in the ESFLOG; what should I check to prevent these messages from being issued?
ESF796 messages can be issued during internal security checks, for example when a file is being written to CA Spool, when a user tries to access a file or a printer, or after a REINIT if a SAFUID has been removed and files associated with that user remain in Spool.
They take one of the following two formats:
ESF796 USER(USER01 ) UNKNOWN
which means user USER01 does not match a SAFUID definition
ESF796 USER(USER01 )
ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
which means resource ESFSECU.NOGR10.G0000777 does not have a matching SAFAT definition
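To find which SAFUID or SAFAT definitions are missing, the two formats above can be tallied from a copy of the ESFLOG. The following is an added example, not part of the original article or of CA Spool; the function name, the constructed sample lines, and the assumption that a RESOURCE line directly follows the USER line it belongs to are all assumptions.

```python
import re
from collections import Counter

# Constructed sample, built from the two ESF796 formats shown above.
# Anything a real ESFLOG line carries before the message ID is ignored.
SAMPLE_ESFLOG = """\
ESF796 USER(USER01  ) UNKNOWN
ESF796 USER(USER02  )
ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
ESF796 USER(USER01  ) UNKNOWN
ESF796 USER(USER02  )
ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
"""

ESF796 = re.compile(r"ESF796\s+(USER|RESOURCE)\(\s*([^)]*?)\s*\)\s*(UNKNOWN)?")


def summarize_esf796(log_text):
    """Return (unknown_users, unknown_resources) as Counters.

    unknown_users     -> user IDs with no matching SAFUID definition
    unknown_resources -> (resource, user) pairs with no matching SAFAT definition
    """
    unknown_users = Counter()
    unknown_resources = Counter()
    pending_user = None  # USER line still waiting for its RESOURCE line
    for line in log_text.splitlines():
        m = ESF796.search(line)
        if not m:
            pending_user = None  # an unrelated message breaks the pairing
            continue
        kind, name, unknown = m.group(1), m.group(2), m.group(3)
        if kind == "USER" and unknown:
            unknown_users[name] += 1  # format 1: user itself is unknown
            pending_user = None
        elif kind == "USER":
            pending_user = name  # format 2, first line
        elif unknown:  # format 2, second line: RESOURCE(...) UNKNOWN
            unknown_resources[(name, pending_user)] += 1
            pending_user = None
    return unknown_users, unknown_resources


if __name__ == "__main__":
    users, resources = summarize_esf796(SAMPLE_ESFLOG)
    for user, n in users.most_common():
        print(f"{n:4d}  no SAFUID match for user {user}")
    for (res, user), n in resources.most_common():
        print(f"{n:4d}  no SAFAT match for resource {res} (user {user})")
```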
Whether internal and/or external security is used is defined on the SAFDEF statement and can be overridden individually on SAFTYPE statements; for example:
SAFDEF INT,NOEXT,CLASS=DATASET
SAFTYPE 5,'ESFSECU.FIGRGRP',INT,EXT
SAFTYPE 6,'ESFSECU,NOCONTROL',NOINT,EXT
SAFTYPE 7,'ESFSECU.NOGR&REQ(6,2).G&GRP(1,7)',EXT,INT
SAFTYPE 8,'ESFSECU.NONO&REQ(6,2).&NOD(0,8)',NOINT,NOEXT
SAFTYPE 9,'ESFSECU.CMND.&CMD(0,8)',EXT,NOINT
When both internal and external security are active, CA Spool first checks internal definitions for authorization; if access is not allowed with internal security then CA Spool issues SAF calls to the external security tool (CA Top Secret, CA ACF2 or IBM RACF).