In RACF if your are using the default RACF class PA@EL then you would need READ access to RACF Class PA@EL Resource Name L2AR and CONTROL access to RACF Class PA@EL Resource Name L2AR3. Your shop may be overriding the resource class used for CA7, but as was suggested earlier, you can run CA7 report 30 to read the CA7 log files and verify the resource class and resource name for sure. Although this access is controlled externally by RACF in your case, you won't see the normal violations that you would expect in a syslog, but instead CA7 issues these types of access issues in the CA7 log files. Thus why it's hard to see sometimes.
Original Message:
Sent: 01-25-2021 02:56 PM
From: Lennie Currington
Subject: ARF
I seem to be having an issue trying to get into ARF to use it. When I enter AR on the top line I receive a message stating 'command access denied by security'. If I just go to the menu and put AR in the function, I get a message that states 'you are not authorized to do that function'. I have talked with RACF security and they do not believe there is an issue from their standpoint as they do not see any error messages. Is there somewhere within CA7 that needs to give authorization to use ARF? I haven't been able to find anywhere else to update user ID's to use ARF, so I am now at a loss on where else to look. Any help on where to look would be appreciated