The Xpediter/TSO module issues a RACROUTE AUTH call with STATUS=ACCESS. CA ACF2 considers such a call requesting security definitions to require proper program authorization. IBM does not, allowing this call (with STATUS=ACCESS) to be issued from an unauthorized program.
ACF2 checks for this additional authorization and fails this call because TSO sessions do not run as being APF authorized.
To get around this issue, a SAFDEF needs to be defined to allow this program to issue this RACROUTE call with STATUS ACCESS and to remove the check for proper program authorization (APF requirement).
Define a SAFDEF for this RACROUTE AUTH call including the program name and NOAPFCHK as follows:
INSERT SAFDEF.apf PROGRAM(pgmname) RB(pgmname) NOAPFCHK
where "pgmname" is the Xpeditor program name.
To implement this SAFDEF record, issue: