IC94582: AUTHENTICATION AND AUTHORIZATION ERRORS, CDISR2518E AND CDISC5102E OR CDISR2503E, CAUSED BY LARGE GROUPS.
Fixes are available
Closed as fixed if next.
The Authentication and Authorization Service (AAS) is a management service that authenticates and authorizes operations for the instance. The AAS uses the getgrgid_r function to obtain information about a user's groups. If the getgrgid_r function returns more than 16 KB of information (for example if the group contains many members), the AAS might incorrectly indicate that a user does not have authority to perform an action. When the problem occurs, the AAS log contains messages that include similar information to the following: calling getgrgid_r(<group-id>) getgrgid_r(<group-id>) failed Basic authentication operation to get group failed. If a user belongs to multiple groups and the problematic group is not the one that is associated with the access control list (ACL) for InfoSphere Streams, the AAS may nonetheless fail.
To work around the problem, remove the user from the problematic groups or change the security-config.xml for the instance to use specific user permissions instead of group permissions. See the article "Setting up security for IBM InfoSphere Streams" in the IBM InfoSphere Streams Information Center
Users Affected: Users who use the large user groups. Problem Description: See Error Description. Problem Conclusion: This problem is fixed in Version 3.1 Fix Pack 1 and later fix packs.
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Applicable component levels