What ACF2 resource rule is needed to address IBM PTF OA50118?

z/OS users at release HDZ1D10 or higher that have VSAM CLUSTERs with either Alternate Indexes (AIXs) or PATHs

The IBM fix introduced a new facility class STGADMIN.IGG.CATALOG.SECURIY.BOTH.  Users having READ authority to STGADMIN.IGG.CATALOG.SECURIY.BOTH are required to have ALTER authority to both the CLUSTER and the PATH or AIX when defining a path or AIX. This ensures sufficient authority to both the CLUSTER and AIX or PATH on subsequent VSAM OPENs. The problem is resolved when PTFs are applied and READ authority is established to STGADMIN.IGG.CATALOG.SECURIY.BOTH for all users.

A sample ACF2 rule to enable the functionality would look like this:

$KEY(STGADMIN) TYPE(FAC) 
  IGG.CATALOG.SECURIY.BOTH UID(*) SERVICE(READ) ALLOW 

IBM PTF information: OA50118: AUTHORITY NOT CHECKED FOR BASE CLUSTER ON DEFINE PATH or AIX