IBM Support

OA50118: AUTHORITY NOT CHECKED FOR BASE CLUSTER ON DEFINE PATH or AIX

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • With OA47269 & OA49446 applied, authority is checked for a PATH,
    or AIX that is being defined. However, authority is not checked
    for the base cluster. This can lead to authorization failues
    once a base cluster is accessed via a PATH or AIX by a user or
    application that has authority to the PATH & AIX, but not the
    base cluster.
    

Local fix

  • Avoid defining aliases for unauthorized data sets.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: z/OS users at release HDZ1D10 or higher      *
    *                 that have VSAM CLUSTERs with either          *
    *                 Alternate Indexes (AIXs) or PATHs.           *
    *                 Changes to RACF authority during DEFINE when *
    *                 using facility class                         *
    *                 STGADMIN.IGG.CATALOG.SECURITY.BOTH           *
    ****************************************************************
    * PROBLEM DESCRIPTION: Alternate Indexes (AIXs) can be defined *
    *                      to a CLUSTER to which the user has no   *
    *                      RACF authority. Subsequent attempts to  *
    *                      OPEN the CLUSTER can cause OPEN         *
    *                      failures to the CLUSTER due to          *
    *                      insufficient RACF authority to the AIX  *
    *                      when the AIX has UPGRADE specified and  *
    *                      the user is not authorized to the AIX,  *
    *                      but is authorized to the CLUSTER.       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    A new facility class STGADMIN.IGG.CATALOG.SECURIY.BOTHis
    introduced. Users having READ authority to
    STGADMIN.IGG.CATALOG.SECURIY.BOTH are required to have ALTER
    authority to both the CLUSTER and the PATH or AIX when defining
    a path or AIX. This ensure sufficient authority to both the
    CLUSTER and AIX or PATH on subsequent VSAM OPENs.
    

Problem conclusion

  • Problem is resolved when PTFs are applied and READ authority is
    established to STGADMIN.IGG.CATALOG.SECURIY.BOTH for all users.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA50118

  • Reported component name

    ICF CATALOG & I

  • Reported component ID

    5695DF105

  • Reported release

    210

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / Pervasive / Xsystem

  • Submitted date

    2016-03-14

  • Closed date

    2017-02-02

  • Last modified date

    2017-03-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA83943 UA83944 UA83945

Modules/Macros

  • IGG0CLFT
    

Publications Referenced
SC23684602    

Fix information

  • Fixed component name

    ICF CATALOG & I

  • Fixed component ID

    5695DF105

Applicable component levels

  • RD10 PSY UA83943

       UP17/02/28 P F702

  • R210 PSY UA83944

       UP17/02/28 P F702

  • R220 PSY UA83945

       UP17/02/28 P F702

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"210","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
01 March 2017