The security definitions for the resource class DTSYSTEM must be defined as follows :
Resource name cxxname.XCF - the MUF userid must be denied access to turn on XCF external security.
Resource name cxxname.XCFFROM.from-system.groupname - the MUF userid must be allowed access to allow jobs to run against the MUF from that system and group.
The following security rules need to be coded to resolve this:
RDEFINE DT@YSTEM cxxname.XCF UACC(NONE)
PERMIT cxxname.XCFFROM.* CLASS(DT@YSTEM) ID(muf_userid) ACC(ALTER)
XCF UID(*) PREVENT
XCFFROM.- UID(muf_userid) ALLOW
CA Top Secret
TSS PER(ALL) DTSYSTEM(cxxname.XCF) ACCESS(NONE)
TSS PER(muf_userid) DTSYSTEM(cxxname.XCFFROM.) ACCESS(ALL)
Another way to resolve this is to force the job to run in the same LPAR as the MUF by adding the following card after the JOB card: