Controlled temporary special requires that each parameter specified by the user (that can be protected) is protected by an XFACILIT rule. Check Figure 12 "
Policy profiles used to determine whether Controlled Temporary system-level attributes can be assigned" at or around page 52 for the list of resources that must be protected.
The resource you mentioned
(C4R.USER.NAME.BGROUP.A11111) suggests that the techuser wanted to change the NAME field of user ID A11111, which is owned by BGROUP. By defining, e.g., C4R.USER.NAME.B*.*, you would allow them to change the name of any user ID owned by a group that starts with a B.
Parameters that are mapped to unprotected resource names are denied for controlled temporary special, unless command verifier has no support for the parameter in the first place.
------------------------------
Rob van Hoboken
------------------------------