STATUS=ACCESS is a keyword used in the RACROUTE REQUEST=AUTH security macro. It permits a user to interrogate security definitions (access and resource rules) to determine the access level for a user. No auditing is performed.
To maintain system integrity, CA ACF2 requires that a user be APF-authorized to access security definitions; however, some products that use STATUS=ACCESS are not APF-authorized when they issue the request. The result is that CA ACF2 abends the task with a S047 from ACF9C000.
To accommodate products that require to issue a RACROUTE STATUS=ACCESS call from a NON-APF-authorized program/state, CA ACF2 lets the security administrator define the specific calls for which the authorization check for STATUS=ACCESS will be bypassed. This is done with the NOAPFCHK keyword on a SAFDEF record that describes the specific environment from which
this call is made.
Use of this parameter results in a less secure system because it allows a user the ability to create a program which can invoke STATUS=ACCESS requests from an unauthorized environment.
Since no logging is performed a user could exploit the NOAPFCHK to probe for vulnerabilities in the security permissions. STATUS=ACCESS provides the ability to query the security system for the level of access to a given resource.
Details on the GSO SAFDEF can be found section Environments for SAF Calls (SAFDEF) of the ACF2 documentation.