Why does a LOGONID with the SECURITY privilege get violations for the resource class SURROGAT?

Document ID : KB000025334
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

LOGONIDs with the SECURITY or NON-CNCL privilege get RSUR-logonid.SUBMIT resource violations for the SURROGAT resource class. The user also gets the message ACF01007 A PASSWORD IS REQUIRED FOR LOGONID xxxxxxxx.

Cause:

CA ACF2 has special code in place for SURROGAT calls.

Solution:

Resource class SURROGAT validations check to see if one user has the authority to use another user's LOGONID without knowing the password. SECURITY or NON-CNCL privileges do not allow a user to use someone else's LOGONID without knowing the password - there must be a SURROGAT resource rule allowing access.