System authorization facility (SAF) responses to the named counter server

If the security profile for a named counter pool cannot be retrieved, SAF neither grants nor refuses the access request. In this situation:

Access to the named counter pool, either by a CICS region or by the named counter server itself, is rejected if:
Access to the named counter pool, either by a CICS region or by the named counter server itself, is accepted if:
Access is permitted to any named counter server without a specific DFHCF.poolname profile, or an applicable generic profile. No messages are issued to indicate this. To avoid any potential security exposures, you can use generic profiles to protect all, or specific groups of, named counter servers. For example, specifying:
RDEFINE FACILITY (DFHNC.*) UACC(NONE)
ensures that access is allowed only to named counter servers with a more specific profile to which a named counter server or CICS region is authorized.