Examine the report that was produced by the check. Any resource which has an "E" in the "S" (Status) column has excessive authority allowed to the resource. That authority may come from a universal access (UACC) or ID(*) access list entry which is too permissive, or if the profile is in WARNING mode. If the resource is a data set and there is no profile, then PROTECTALL(FAIL) is not in effect. Any data set which has a "V" in the "S" (Status) field is not on the indicated volume. Remove these data sets from the list or allocate the data sets on the volume. Any data set which has an "M" in the "S" (Status) field has been migrated. If the "S" field contains an "E" or is blank, then blanks in the UACC, WARN, and ID(*) columns indicate that there is no RACF profile protecting the resource. Resources which do not have a RACF profile are flagged as exceptions, unless the resource is a data set and SETROPTS PROTECTALL(FAIL) is in effect for the system.

If a valid user ID was specified as a parameter to the check, that user's authority to the resource is checked. If the user has an excessive authority to the resource, that is indicated in the USER column.

Modules which are flagged in the ICHAUTAB report as exceptions must be either removed from ICHAUTAB or the module must be moved to a non-LPA location and the module protected by using Program Control. The users of this module should be limited to only those who are trusted to execute the program in the expected manner.