DATASET access is not checking for rules

Document ID : KB000115869
Last Modified Date : 26/09/2018
Show Technical Document Details
On the production system, a user is getting a violation for a dataset, ACF99913, but on the test LPAR they do not even though the rules are the same.
In ACF2, if the PREFIX of the logonid matches the high-level qualifier, then that users OWNS that high-level and rules are not checked.  For that reason, you should not give out a logonid with PREFIX(********) as that user would then own every dataset on the system.
Additional Information:
To troubleshoot why a user gets unexpected access to datasets or resources, add TRACE to the users logonid, and have them logoff and back on, and then recreate the situation.  SMF records will be cut for every dataset or resource that user attempts to access while TRACE is on.  Run the ACFRPTDS or ACFRPTRV to get this information.