When a security product other than RACF® is in use
File Manager makes
RACROUTE calls, with STATUS=ACCESS, to SAF FACILITY profiles:
- FILEM.PARMLIB.**
- FILEM.SAFAUDIT.** (only if the first call fails)
STATUS=ACCESS is specified because the RACROUTE call should not audit the call. The documentation
in the z/OS® Security Server RACROUTE Macro
Reference, in the description of RACROUTE REQUEST=AUTH,STATUS=ACCESS, states:
- ACCESS
- The request is simply to return the user's highest current access to the resource specified. Upon successful completion, the user's access is returned in the RACF® reason code. No auditing is done for this request.
When RACF® is used, the STATUS=ACCESS request works as documented, and no security-related logging or abends are generated, even if you do not have access to the profile.
However, when non-RACF security products such as ACF2 are used, an S047 abend may be issued in response to the above RACROUTE request. These users should consult the product documentation and make changes accordingly.