ACFRPTOM report shows ck_priv and ck_access entries with SAF return/reason codes of 8 8 4

book

Article ID: 48915

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

The ACFRPTOM report shows ck_priv and ck_access entries with SAF return/reason codes of 8 8 4 "Failed - User not privileged" but there's no apparent problem with the system. What is the purpose of these records? The return codes indicate something doesn't have authority,  what is being checked and are there any consequences for it not having that privilege?

 

Environment

Release: ACF2..001AO-15-ACF2
Component:

Resolution

Certain functions are restricted and only SUPERUSER with access to BPX.DAEMON authority can invoke these functions. The ck_priv and services request determines if the user has the necessary SUPERUSER privilege. The SAF return/reason codes 8 8 4 confirm that the user is not privileged. Yet, because there was no obvious problem in the processing, there likely were applicable ACF2 resource rules or the user had sufficient authority in his own right to do what needed to be done. As long as the user is able to accomplish what he is supposed to do and the entries in the ACFRPTOM report are ck_priv requests and not ck_auth requests, then there should be no concern about the codes. The ACFRPTOM report is not a report that should be reviewed on a regular basis, but only when problems surface on your system.