IBM Support

OA60440: LOOP IN CKROUACC.CONNAUTH WHEN A GROUP OWNERSHIP LOOP EXISTS IN THE RACF DATABASE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Loop in CKROUACC.CONNAUTH when a group ownership loop exists in
    the RACF database.
    
    This loop can also occur when using a zSecure Unload as input,
    if the original RACF DB contains such a group ownership loop.
    

Local fix

  • Correct group ownership loop.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit and Access Monitor    *
    *                 processing RACF data with profile group      *
    *                 ownership loop(s).                           *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit and Access Monitor        *
    *                      (reporting function) might go into an   *
    *                      infinite loop in cases where RACF data  *
    *                      being processed have profile group      *
    *                      ownership loop(s).                      *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When RACF profile group ownership loop(s) exist(s) in the RACF
    data being processed, the zSecure Audit and Access Monitor might
    enter an infinite loop while processing Access Monitor reports
    or User IDs/groups reports (newlist type ID). Also, the VERIFY
    GROUPTREE command does not detect loops for the SYS1 group.
    

Problem conclusion

  • zSecure Audit and Access Monitor have been modified so that
    loops in the group ownership structure in the RACF data do not
    cause the program to enter an infinite loop. The VERIFY
    GROUPTREE command processing has been also modified so that it
    reports group ownership loops the SYS1 group.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA60440

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    240

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-11-05

  • Closed date

    2020-11-20

  • Last modified date

    2020-12-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ04428

Modules/Macros

  • CKROUACC CKROUID  CKRPRMSG CKRVGRP  GKROUACC GKROUID  GKRPRMSG
    GKRVGRP
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R240 PSY UJ04428

       UP20/11/24 P F011

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240"}]

Document Information

Modified date:
02 December 2020