I couldn't find this requirement documented anywhere, but when we upgraded OnDemand on z/OS fro V9 to V9.5
the AFP load jobs started getting this violations:
ICH408I USER(.......
CSFRNG CL(CSFSERV )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
ICH408I USER(........
CSFIQA CL(CSFSERV )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
Has someone else run into this?
We disabled SAF authorization checking for the CSFRNG services as recommended in
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.csfb300/ctlserv.htmbut it appears we will have to grant read access for CSFIQA profile to all userids that load AFP reports,