I would recommend that you use the SEVPOST exit. (System Entry Validation Postprocessing Exit)
If you need to see data from the logonid record use field SXPORECA in ACFSFXP parameter list.
The ACVALD parameter block is addressed by field SXPFRBA in ACFSFXP parameter list.
If you are setting a message you should set SXPFXMSG (x'80') in SXPFLAG2.
Also the message should be moved to ACVMSG address passed in the ACVALD.
And ACVSMSG (x'04') should be set in ACVRFLG in ACVALD.
The format of message should be llll0000message
where llll is halfword length of message plus 4 bytes for header.
So if you want "ABC1234 access prevented by system security" to be the message sent to user ,
the format of the message area passed in ACVMSG is ..
x'0034' x'0000' c'ABC1234 access prevented by system security'
If you just set Return code 8 and do not need a message - the user will receive message
ACF01035 SEVPOST EXIT FAILED REQUEST