Is there a recommended ACF2 GSO SAFDEF for the product IAM?

Document ID : KB000013652
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Is there a recommended ACF2 GSO SAFDEF for the product IAM?

Answer:

The IAM file opens are not picked up by the ACF2 open intercept so the SAF AUTH call from SVC019 is being ignored so no validations will be validated essentially no security for IAM file opens. Adding the SAFDEF that will force the validations if they are issued by IAM. 

ACF
SET C(GSO)
INSERT SAFDEF.IAM MODE(GLOBAL) ID(IAM) RB(SVC019) -
RACROUTE(REQUEST= AUTH CLASS=DATASET REQSTOR=IAMAVSOC) REP
F ACF2,REFRESH(SAFDEF) 

After adding the above SAFDEF ACF2 dataset access rules will be needed to IAM file opens.