I am getting an ACF04056 resource violation for a DB2 stored procedure. What SERVICE can be coded on a DB2 stored procedure TYPE(PRC) rule?

Article ID: 52465


Updated On:

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

To address the violation, an ACF2 DB2 resource rule for a TYPE(PRC) stored procedure can be written.

The only SERVICE keyword that can be specified on the rule entry for a stored procedure rule is EXECUTE.

Environment

Release:
Component: ACF2DB

Resolution

The following violation message is received for a DB2 stored procedure.

  ACF04056 ACCESS TO RESOURCE DSNSYSIBM.SQLTABLES TYPE DPRC BY USER0002 NOT AUTHORIZED

The violation in the ACFRPTRV report shows the following.

  REQUESTED RESOURCE                               REC  LOOKUP KEY                
  UID                      SOURCE   CPU  MODULE   DISP     DSP-MOD  KEY-MOD  SERV 
      DATE     TIME        JNAME    LID      NAME              PRE RMC INT PST FIN
 
  DPRC-DSNSYSIBM.SQLTABLES                       *VIO  DPRC-DSNSYSIBM    
  USER0002                 TCPIP    SYSX          NO-REC      -        -     EXEC                    
  09.289 10/16 15.54       DSNTDIST USER0002 ASW DATA           0   8   0   0   16

Even though the service "SERV" in the ACFRPTRV report shows "EXEC", the SERVICE keyword in the ACF2 DB2 rule should be "EXECUTE"; "EXEC" is not allowed. The sample rule for the above violation follows.

  $KEY(SYSIBM.SQLTABLES) TYPE(PRC) SYSID(DSNX) 
  UID(*) SERVICE(EXECUTE) ALLOW

Details on the possible keywords that can be specified for each of the DB2 resource types can be found in the CA-ACF2 Security Option for DB2 Administrator Guide, section Writing Rules, section "How Do You Specify CA-ACF2 for DB2 Rules?", sub-section "SERVICE(keyword1,keyword2,...,keywordn)".
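A pre-compile check for the EXEC versus EXECUTE point above, added here as an example (it is not code from the product or its documentation): it scans rule source laid out like the sample rule and flags TYPE(PRC) entries whose SERVICE is anything other than EXECUTE. The function name, the `XXX` placeholder type and the sample input are constructed for illustration.

```python
import re

# KEYWORD(value) pairs, in the form used by the sample rule on this page.
PAIR = re.compile(r"(\$?[A-Z]+)\(([^)]*)\)")
# Per this article, EXECUTE is the only SERVICE keyword valid on a TYPE(PRC) rule.
ALLOWED_PRC_SERVICES = {"EXECUTE"}


def lint_prc_rules(source):
    """Return a list of (line_no, message) for bad SERVICE keywords on TYPE(PRC) rules."""
    findings = []
    in_prc = False
    for line_no, line in enumerate(source.splitlines(), start=1):
        pairs = dict(PAIR.findall(line.upper()))
        if "$KEY" in pairs:
            # A $KEY line starts a new rule set; track whether it is TYPE(PRC).
            in_prc = pairs.get("TYPE", "").strip() == "PRC"
        if not in_prc or "SERVICE" not in pairs:
            continue
        services = [s.strip() for s in pairs["SERVICE"].split(",") if s.strip()]
        bad = [s for s in services if s not in ALLOWED_PRC_SERVICES]
        if bad:
            findings.append(
                (line_no,
                 "SERVICE(%s) is not valid for TYPE(PRC); code SERVICE(EXECUTE)"
                 % ",".join(bad))
            )
    return findings


# Constructed input: the first rule set copies the SERV value "EXEC" from the
# ACFRPTRV report, the second is the article's sample rule, and the third uses
# a placeholder type (XXX) to show that non-PRC rule sets are left alone.
SAMPLE = """\
$KEY(SYSIBM.SQLTABLES) TYPE(PRC) SYSID(DSNX)
 UID(*) SERVICE(EXEC) ALLOW
$KEY(SYSIBM.SQLTABLES) TYPE(PRC) SYSID(DSNX)
 UID(*) SERVICE(EXECUTE) ALLOW
$KEY(PLACEHOLDER.NAME) TYPE(XXX) SYSID(DSNX)
 UID(*) SERVICE(EXEC) ALLOW
"""

if __name__ == "__main__":
    for line_no, message in lint_prc_rules(SAMPLE):
        print("line %d: %s" % (line_no, message))
```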