When I do a ?Who Has Access? with my logonid that has Security and Audit privileges but I get the ACF03011 error indicating that I am not authorized, why?

Document ID : KB000044642
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:  

When I do a ‘Who Has Access’ with my logonid that has Security and Audit privileges but I get the ACF03011 error indicating that I am not authorized, why?

Answer:  

Your CA Data Content Discovery Controller user ID requires the following resources 

to view who has access information: 

 

DCD.SCAN.STATUS.OVERVIEW to log in and see status information

DCD.SCAN.STATUS.RESULTS to view reporting and scan results 

DCD.SCAN.STATUS.WHOHAS to view the who has access results

 

The who has access results are based on your external security manager (ESM) as follows:

 

CA ACF2: Results are limited by the authority that is granted to you by the ACCESS|NOACCESS 

field in the GSO OPTS record. Results reflect what CA ACF2 returns through the ACCESS subcommand.

 

CA Top Secret: Results are limited by the authority that is granted to you for using the 

WHOHAS command. Results reflect what CA Top Secret returns through the WHOHAS command. In 

the results, each profile listing is expanded to show all ACIDs in the profile.

 

IBM RACF: Results are limited by the authority that is granted to you to use the LISTDSD

command. In the results, each group listing is expanded to show all userids in the group.

 

The DCDCONTL started task requires the following.

 

CA ACF2: The DCDCONTL logonid requires AUDIT or SECURITY.

CA Top Secret: The DCDCONTL ACID requires TSS admin authority called ACID(INFO). 

 

IBM RACF: The DCDCONTL userid requires the AUDITOR attribute.