Problem

after implementing the CFT Internam AM with "safclass".

violations are logged in SMF records.


How to limit or avoid this number of violations to be written to the SMF record?

Violations are of type:

17Jul22 13:41:47.05 RACF ACCESS violation for User1: (READ,NONE) on FACILITY CFT.ROLE.OPERATOR
17Jul22 13:41:47.05 RACF ACCESS violation for User1: (READ,NONE) on FACILITY CFT.ROLE.PARTNER
17Jul22 13:41:47.05 RACF ACCESS violation for User1: (READ,NONE) on FACILITY CFT.ROLE.DESIGNER
17Jul22 13:41:47.05 RACF ACCESS violation for User1: (READ,NONE) on FACILITY CFT.ROLE.TRANSFER

Resolution

This should be addressed to the customer's security team in charge of RACF (or the like).

It should be fine using the command below to not have the audit for the CFT SAFclass:

SETROPTS LOGOPTIONS(NEVER(CFT SAFclass))

For more information about SAF audit messages management, see the IBM documentation, especially, the chapter about: "Activating auditing for access attempts by class"