ESF796 messages with reason UNKNOWN are issued in the ESFLOG; what should I check to prevent these messages from being issued?
ESF796 messages can be issued while internal security checks are being processed. Some examples: a file is being written to CA Spool, a user tries to access a file or a printer, or, after a REINIT, a SAFUID has been removed and there are still files in Spool associated with that user.
They take one of the following two formats:
ESF796 USER(USER01 ) UNKNOWN
which means user USER01 does not match a SAFUID definition
ESF796 USER(USER01 )
ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
which means resource ESFSECU.NOGR10.G0000777 does not have a matching SAFAT definition
Whether internal and/or external security is used is defined on the SAFDEF statement, and can be overridden individually on SAFTYPEs; for example:
When both internal and external security are active, CA Spool first checks internal definitions for authorization; if access is not allowed with internal security then CA Spool issues SAF calls to the external security tool (CA Top Secret, CA ACF2 or IBM RACF).
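To see which definitions to review, the two ESF796 formats described above can be tallied from an ESFLOG extract. The following is an added example, not CA Spool code. It assumes each message sits on its own line, that a timestamp may precede it, and that the USER line immediately before a RESOURCE ... UNKNOWN line names the requesting user; the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample; the timestamp prefix is an assumption about the ESFLOG layout.
SAMPLE_LOG = """\
10.15.01 ESF796 USER(USER01  ) UNKNOWN
10.15.07 ESF796 USER(USER02  )
10.15.07 ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
10.16.30 ESF796 USER(USER01  ) UNKNOWN
10.17.12 ESF796 USER(USER02  )
10.17.12 ESF796 RESOURCE(ESFSECU.NOGR10.G0000777 ) UNKNOWN
10.18.00 ESF796 USER(USER03  )
"""

# Captures the kind (USER/RESOURCE), the blank-padded name, and the optional UNKNOWN flag.
ESF796 = re.compile(r"ESF796\s+(USER|RESOURCE)\(\s*([^)]*?)\s*\)\s*(UNKNOWN)?")

def triage(log_text):
    """Return (users with no SAFUID match, (user, resource) pairs with no SAFAT match)."""
    unknown_users = Counter()
    unknown_resources = Counter()
    pending_user = None  # user from a USER(...) line that carried no UNKNOWN flag
    for line in log_text.splitlines():
        m = ESF796.search(line)
        if not m:
            pending_user = None  # only pair directly adjacent lines (assumption)
            continue
        kind, name, unknown = m.groups()
        if kind == "USER":
            if unknown:
                unknown_users[name] += 1   # format 1: no matching SAFUID
                pending_user = None
            else:
                pending_user = name        # first line of format 2
        elif unknown:
            unknown_resources[(pending_user, name)] += 1  # format 2: no matching SAFAT
            pending_user = None
    return unknown_users, unknown_resources

if __name__ == "__main__":
    users, resources = triage(SAMPLE_LOG)
    for user, count in users.most_common():
        print(f"{count:4d}  no SAFUID match for user {user}")
    for (user, resource), count in resources.most_common():
        print(f"{count:4d}  no SAFAT match for resource {resource} (user {user})")
```

A USER line with no following RESOURCE line, such as the last constructed entry, is ignored because it reports nothing as UNKNOWN.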