The following error is seen in SDSF after performing a migration of internal SDSF security to ACF2:

ISF024I USER xxxxxxxx NOT AUTHORIZED TO SDSF, CONNECT FAILED

How can this error be resolved?

All users needing to connect to SDSF need READ access to the ISF.CONNECT.system resource in the SDSF resource class:

$KEY(ISF) TYPE(SDF)
 CONNECT.system UID(user UID string) SERVICE(READ) ALLOW

In addition, the ISF.CONNECT.system validation is issued using a RACROUTE REQUEST=FASTAUTH,CLASS=SDSF call. For this process to work successfully, the rules and directory for the SDSF type code must be globally resident:

SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RSDF) ADD
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(SDF)

Note that the default type code for the SDSF resource class is SAF, but it is recommended to use a CLASMAP record to map the SDSF resource class to a type code of SDF. For more information, see ACF2 documentation section Using SAF for SDSF External Security