Description:
With z/OS 1.11 there is a new profile in the SERVAUTH class for the TCPIP CSSMTP application:
EZB.CSSMTP.sysname.writername.originJESnode. The application fails with the following violation:
ACF04056 ACCESS TO RESOURCE EZB.CSSMTP.SYS1.SMTP.NODEJES TYPE RSER BY CSSMTP NOT AUTHORIZED
An ACF2 resource rule can be written to address the violation.
Solution:
With ACF2 all resources are protected by default. To address the violation a site cand to add a rule entry for the second qualifier CSSMTP to the existing $KEY(EZB) TYPE(SER) resource rule or create the rule for the SERVAUTH resource class.
For example a new rule can be compiled or stored:
$KEY(EZB) TYPE(SER) CSSMTP.sysname.writername.originJESnode UID(uid string) ALLOW
Or the existing $KEY(EZB) TYPE(SER) can be updated to include a rule entry for the new CSSMTP resource:
ACF SET RESOURCE(SER) RECKEY EZB ADD(CSSMTP.sysname.writername.originJESnode UID(uid string) ALLOW)
Details on ACF2 resource rules and the RECKEY subcommand can be found in the CA ACF2 for z/OS Administrator Guide, Chapter 7: Maintaining Resource Rules, section "Using the ACF Command".