An access on command on resource SUPERUSER.PROCESS.GETPSENT resource class UNIXPRIV gets a ACF04056 'NO-REC' violation in the ACFRPTRV report indicating no rule record found but the rule does exist.
RUNI-SUPERUSER.PROCESS.GETPSENT LOG RUNI-SUPERUSER
uid STCINRDR SYS1 ACF9CFAT NO-REC NON-CNCL - READ
22.165 06/14 13.16 xxxxxx yyyyyy BATCH JOB 0 8 0 0 4
UNIXPRIV class calls are RACROUTE FASTAUTH calls. FASTAUTH calls requires the rules be Globally resident. The violation can be addressed by adding an INFODIR directory for R-RUNI and rebuilding the resident directory for TYPE UNI.
The UNIXPRIV class allows specific control of the individual functions usually performed by a user with superuser authority. This is referred to as superuser granularity. OMVS requires that users performing certain functions have a UID(0) or superuser status. Once a user is given superuser status, they have complete access to the system.
The UNIXPRIV class uses FASTAUTH calls so the type code used for the UNIXPRIV class must be added to the GSO INFODIR record and rules must be made resident:
ACF
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RUNI)
Once the INFODIR record has been updated, issue the following commands to activate the changes:
ACF
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(UNI),CLASS(R)
Details on the UNIXPRIV resource can be found in the CA-ACF2 Security for z/OS Administrator Guide, in Chapter 21: z/OS UNIX System Services Support, section "Controlling Superuser Functions".