With z/OS 1.11 there is a new profile in the SERVAUTH class for the TCPIP CSSMTP application:
EZB.CSSMTP.sysname.writername.originJESnode. The application fails with the following violation:
ACF04056 ACCESS TO RESOURCE EZB.CSSMTP.SYS1.SMTP.NODEJES TYPE RSER BY CSSMTP NOT AUTHORIZED
An ACF2 resource rule can be written to address the violation.
With ACF2 all resources are protected by default. To address the violation a site cand to add a rule entry for the second qualifier CSSMTP to the existing $KEY(EZB) TYPE(SER) resource rule or create the rule for the SERVAUTH resource class.
For example a new rule can be compiled or stored:
$KEY(EZB) TYPE(SER) CSSMTP.sysname.writername.originJESnode UID(uid string) ALLOW
Or the existing $KEY(EZB) TYPE(SER) can be updated to include a rule entry for the new CSSMTP resource:
ACF SET RESOURCE(SER) RECKEY EZB ADD(CSSMTP.sysname.writername.originJESnode UID(uid string) ALLOW)
Details on ACF2 resource rules and the RECKEY subcommand can be found in the CA ACF2 for z/OS Administrator Guide, Chapter 7: Maintaining Resource Rules, section "Using the ACF Command".