Seems to only happen for EVTTYPECODE=23, EVTTYPECODE=22 still has OBJENTITY. TSSUTIL still finds resource names for VIOLATION events so the problem does not seem to be with SAF or TSS.
This is caused by maintenance that is being rolled.
Dates when this started happening on different LPARs coincide with this maintenance being applied and this does not happen on systems that do not yet have this maintenance.
Here is detail on the maint: ST00316 ALLOW TSSSIM PANELS TO WORK FOR Z/OS 2.3 TR98341 HFSUTIL2 ABEND U1234 FOR BITS DURING HFSSEC CONVERSION SO00365 Z/OSMF REST API SECURITY FAILURE SO00168 UPDATES TO CICS VERIFYX, MFA, PASSTICKET, AES256 PERFORMANCE RO99645 INCREASED CPU USAGE FOR AES256 VERIFY PASSWORDS IN CICS (prereq for SO00168) SO00132 SUPPORT FOR IBM MFA RADIUS FACTORS (prereq for SO00168) SO00169 UPDATES TO CICS VERIFYX, MFA, PASSTICKET, AES256 PERFORMANCE (prereq for SO00168) RO99694 ABENDS 0C4 / 0C7 IN TSSKERNL MODULE TSSKECA (CEM) RO99484 S0C4 ABEND AFTER RO99320 IS APPLIED RO99320 CA TRUSTED ACCESS MANAGER FOR Z SUPPORT (prereq for RO99484) RO99512 UPDATES TO CA TRUSTED ACCESS MANAGER FOR Z SUPPORT RO99690 TSS ELEVATE CMD S0C7 TSSAUTHB+36E4 + HIGH CPU TSS LIST(SDT) RO99394 TSS0301I ERROR WHEN RUNNING TSSCFBK UTILITY (prereq for RO99690)
With solution RO99320 installed, new object access violation and
object access audit events generated for CA Compliance Event Manager
will not contain a resource entity name.