I receive a NO-REC violation in report ACFRPTRV even though there is a rule in the database.

Document ID : KB000025327
Last Modified Date : 14/02/2018
Show Technical Document Details

Problem:

I wrote a surrogate rule and stored it in the database. But I keep getting a ACF04056 violation and the ACFRPTRV report says NO-REC. I look for the resource rule on the database and the rule is there. Why is this happening? Here is the rule and the violation report.

ACF75052 RESOURCE RULE EZB STORED BY SECADMN ON 02/02/08-13:38
$KEY(EZB) TYPE(SER)
 - UID(*) ALLOW
ACF75051 TOTAL RECORD LENGTH= 188 BYTES, 4 PERCENT UTILIZED

RSER-EZB.STACKACCESS.BART.TCPIP                 *VIO  RSER-EZB
BPXOINIT                 STCINRDR BART ACF9CFAT NO-REC      -        -               READ
08.256 12/09 11.50 SYSLOGD1 BPXOINIT BPXOINIT STCID         0   8   0   0  16

SAF RESOURCE CLASS SERVAUTH

Resolution:

The violation report shows the reason. Module ACF9CFAT was called, which is the module used by CA-ACF2 for RACROUTE REQUEST=FASTAUTH calls. As we document in the CA-ACF2 Administrators Guide, Chapter 5: Understanding SAF:

"...CA-ACF2 for z/OS performs a FASTAUTH call
only if resident rules exist. If the rules are not
resident, the call gets a RC=8. ..."

So what needs to be done is to add the type code to the INFODIR record to make it a resident directory.

TSO ACF
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RSER) ADD
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(SER)
END

At this point, your rule should be in place. If you make ANY changes to a TYPE(SER) rule, or add/delete one, you will need to issue the REBUILD command again.