When I do a ‘Who Has Access’ with my logonid that has Security and Audit privileges but I get the ACF03011 error indicating that I am not authorized, why?
Your CA Data Content Discovery Controller user ID requires the following resources
to view who has access information:
DCD.SCAN.STATUS.OVERVIEW to log in and see status information
DCD.SCAN.STATUS.RESULTS to view reporting and scan results
DCD.SCAN.STATUS.WHOHAS to view the who has access results
The who has access results are based on your external security manager (ESM) as follows:
CA ACF2: Results are limited by the authority that is granted to you by the ACCESS|NOACCESS
field in the GSO OPTS record. Results reflect what CA ACF2 returns through the ACCESS subcommand.
CA Top Secret: Results are limited by the authority that is granted to you for using the
WHOHAS command. Results reflect what CA Top Secret returns through the WHOHAS command. In
the results, each profile listing is expanded to show all ACIDs in the profile.
IBM RACF: Results are limited by the authority that is granted to you to use the LISTDSD
command. In the results, each group listing is expanded to show all userids in the group.
The DCDCONTL started task requires the following.
CA ACF2: The DCDCONTL logonid requires AUDIT or SECURITY.
CA Top Secret: The DCDCONTL ACID requires TSS admin authority called ACID(INFO).
IBM RACF: The DCDCONTL userid requires the AUDITOR attribute.