IBM Support

OA60881: TRUSTED NEWLIST SHOWS USER ID HAS ACCESS TO A DATA SET, EVEN WHEN IT HAS PERMIT AC(NONE)

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • TRUSTED newlist shows user ID has access to a data set, even
    when it has PERMIT AC(NONE).
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit for RACF exploiting   *
    *                 TRUSTED reports.                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit might report a userid as  *
    *                      having access to a data set even if it  *
    *                      has explicit NONE permit for that       *
    *                      userid.                                 *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When a data set has explicit NONE permit for a userid, the
    zSecure Audit might still report that ID as having access
    through connect groups. Same applies to reports displayed by the
    ACL TRUST primary command.
    

Problem conclusion

  • zSecure Audit has been modified so that TRUSTED report does not
    report a userid to a data set having the explicit NONE permit
    for that ID.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA60881

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    240

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-02-12

  • Closed date

    2021-12-22

  • Last modified date

    2022-01-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ07446 UJ07450

Modules/Macros

  • CKRICMD  CKRM02   CKROUPUT CKRXPLA  GKRICMD  GKROUPUT GKRXPLA
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R240 PSY UJ07450

       UP21/12/23 P F112

  • R250 PSY UJ07446

       UP21/12/23 P F112

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240"}]

Document Information

Modified date:
05 January 2022