When the the FACILITY VM required?

Document ID : KB000118541
Last Modified Date : 26/10/2018
Show Technical Document Details
Issue:
Is the VM facility only required for IDs that will actually perform signon? Do service machines (those that are XAUTOLOG'd and not signed on to directly) require this facility as well? 
Resolution:
Per the doc, users that logon to a virtual machines are the ones that need the VM FACILITY:

https://docops.ca.com/ca-top-secret-for-z-vm/12-1/en/administering/administering-facility-security/vm-as-a-facility

If a user is not authorized, they will receive a FACILITY NOT AUTHORIZED message and get a security violation with a detailed reason code of 1C when running a TSSUTIL audit report.

XAUTOLOGed machines dont need the VM FACILITY.