SI49837 - IMAGEPLUS-INCORROUT PROPAGATION OF AUTHORITY LIST ON OBJECTS
PTF ( Program Temporary Fixes ) Cover letter
IMAGEPLUS-INCORROUT PROPAGATION OF AUTHORITY LIST ON OBJECTS
Pre/Co-Requisite PTF / Fix List
REQ LICENSED PTF/FIX LEVEL
TYPE PROGRAM REL NUMBER MIN/MAX OPTION
---- -------- --- ------- ------- ------
DIST 5722VI1 530 SI28249 NONE 0001
DIST 5722VI1 530 SI28301 NONE 0001
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels. This PTF may be a prerequisite
for future PTFs. By applying this PTF you authorize and agree to the
This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF. You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.
SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.
The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
APAR Error Description / Circumvention
When authorization list is on an IFS directory/sub-directory
path where CM will write newly scanned or imported objects, the
authorization list will not propagate or inherit to the object
if the CM group profile (EKDGROUP is example) is in the
authorization list with *CHANGE authority. When the object is
created and stored into the directory, the EKD0080 file gets a
record with VICS6052 as the error and in the error extended data
field, CS00A RTV A09C with the IFS path showing. A09C is
Message . . . . : Not authorized to object. Object is &1.
Cause . . . . . : You do not have the correct authority for
object &1 or for
one of the directories in the object path.
The authorization list will not be on the newly created object
and *PUBLIC authority will be *RWX rather than *RX as it was on
the directory/sub-directory in sample testing.
This message goes away if the group profile has *ALL authority
in the authorization list but this is a security exposure to the
customer. The Admin profile (EKDADMIN as an example) does have
*ALL in the authorization list, yet it apparently is not used
for the changing required to put authorization list on the newly
CORRECTION FOR APAR SE55052 :
Program EKDRTVDIRI incorrectly propagated directory authorities
when creating new files. The program has been corrected.
CIRCUMVENTION FOR APAR SE55052 :
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI36605 :
When authorization lists are associated with a CM directory, one of the
functions for CM during import and/or scan is to retrieve the
authorization list and than to assign the authorization list to the
object. In order for CM to be able to add this security, the
import/scan user must have the following authorities:
1. The user must have *USE authority to the CHGAUT command.
2 Minimal Data Authority *X to the root directory
3. Data Authority *ALL to the subdirectory and the object.
The user's authority to the subdirectory can be via a group profile or
an authorization list.
If the user does not have the proper authorities, the object will be
store into CM, however, the authorization list will not be assigned to
the object and users may have problems displaying the document because
he/she does not have the proper authorities.
SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI28248 :
For the Read This First on how to implement permanent Days on DASD, go
THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.
PTF/FIX NO(S). APAR TITLE LINE
SI38723 IMAGEPLUS-INCORROUT PGM EKDRTVDIRI IS SENDING MESSAGES TO QS
SI36605 OSP-PAR-940XCOM *PUBLIC NOW RECEIVES *RX AUTHORITY TO CM OBJ
SI35654 IMAGEPLUS OBJECTS CREATED IN DIRECTORY DIDN'T INHERIT THE AU
SI35392 IMAGEPLUS-INCORROUT BATCH IMPORT DOES NOT PROCESS ALL RECORD
SI30940 OSP-MSGMCH3601-PAR-940XCOM BATCH IMPORT PROCESS FAILS WITH M
SI27719 IMAGEPLUS-F/QC2IO-T/EKDOBJIMPP-MSGMCH3601 MCH3601 IN
SI18441 OSP-PAR EKD-9786 AND FRN6912A ERRORS MAY INTERMITTENTLY OCCU
SI17708 OSP-PAR CM/400 HOST BATCH IMPORT JOB QVI_IM0101 WRITES DATA
SI14133 OSP Batch Import does not properly start 10 jobs
SI10877 OSP-PAR CM/400 BATCH IMPORT PROBLEM W/ SKIPPED RECORD(S) WHE
SI10877 IMAGEPLUS QIBM_VI_IMP_CREATED USER EXIT: NUMBER OF ATTRIBUTE
SI10441 OSP Batch Import not properly beginning items on a process
SI09947 OSP-PAR CORRECT RESULTS NOT PRODUCED WHEN MULTIPLE DIRECTORI
SI35526 IMAGEPLUS OBJECT BEING DELETED WHEN TARGET PATH DIDN'T EXIST
SI35497 IMAGEPLUS-INCORROUT CPF1ED7 RECEIVED BY EKDRTVDIRI; DOCUMENT
SI35161 OSP OBJECTS RETRIEVAL FROM OPTICAL INTO DASD INHERIT THE AUT
SI34301 IMAGEPLUS-INCORROUT INCORRECT OPTICAL VOLUME IDS IN EKD0310
SI28248 OSP Allow documents to always remain on DASD
SI25954 IMAGEPLUS DUTCH LANGUAGE, INDEX CLASS SET FOR AUTO FOLDERING
SI22373 OSP-PAR KEYFIELD MAY BE REMOVED FROM AN INDEX CLASS PROFILE
SI15730 IMAGEPLUS OPTICAL RETRIEVE FAILS OR ERROR RC=0629 IS RECEIVE
SI10753 OSP-PAR user id fields not properly updated in 320 and 322
SI10753 OSP-PAR delete processor does not work properly.
SI10753 OSP-PAR Optical batch retrieve processor fails w/ MCH3401.
SI09965 OSP-PAR Index Class Maintenance working with incorrect file
SI09965 OSP Optical Distribution, and Optical Store fail due to
|MRI Feature ........................||NONE|
More support for:
Software version: V5R3M0
Operating system(s): OS/400
Reference #: SI49837
Modified date: 12 June 2013