NetIQ Security Solutions for iSeries 8.0
System Auditing and Reporting (SAR)
AAAUTHFAIL, AACL28AF, ZAACL28AF, XACL28AF
What is the meaning of Violation Type D on the All Authority Failures report?
According to the IBM iSeries Security Reference, Violation Type D is caused by the use of an unsupported interface, causing an object domain failure.
Violation Type D is caused when an unsupported interface, such as a system domain program that is not an API, is used to access an object. The object could be a library or any other object type. For example, if you use DSPCMD RETURN to see the command processing program for the RETURN command, you see it is QWTCCRTN in QSYS. If you call this program directly (CALL QSYS/QWTCCRTN), you generate a Violation Type D, because the command line is not an allowed interface for calling this program.
If 3rd party software is involved, contact the vendor.