You are not using the Security Server (RACF) as your security product. To allow users to access the IXCMIAPU utility that controls the couple data set policies, you must define resource profiles for your security product. A resource profile must exist for any resource name associated with a couple data set policy function:
RDEFINE FACILITY MVSADMIN.XCF.ARM
RDEFINE FACILITY MVSADMIN.XCF.CFRM
RDEFINE FACILITY MVSADMIN.LOGR
RDEFINE FACILITY MVSADMIN.XCF.SFM
RDEFINE FACILITY MVSADMIN.WLM
Assign the RACF equivalent of UPDATE to users who can alter or maintain the policy; assign the RACF equivalent of READ to users who require reports for the policy, but who will not make changes.
After giving access authority to the appropriate users, activate the command for the product that corresponds to the following RACF command to activate the FACILITY class:
SETROPTS CLASSACT(FACILITY)