IBM Support

OA54273: CKRALLOC LOSES RACF DB ENTRY DURING RECURSIVE CALLS - FIN REVERSAL OF OA48213

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CKRALLOC loses RACF DB entry during recursive calls.
    This leads to failing commands.
    

Local fix

  • Specify consistent complex values for all input files.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin exploiting the        *
    *                 software to process multi-system data with   *
    *                 zSecure services for remote data access.     *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin might display MSGCKR0617, *
    *                      MSGCKR0380, and MSGCKR0381 in cases     *
    *                      where the remote data sources are       *
    *                      defined/allocated with the special      *
    *                      value of asterisk (*) for 'zSecure Node *
    *                      name' (ZSECNODE allocation parameter)   *
    *                      or 'zSecure System' (ZSECSYS allocation *
    *                      parameter).                             *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the remote data sources are defined/allocated with the
    special value of asterisk (*) for 'zSecure Node name' (ZSECNODE
    allocation parameter) or 'zSecure System' (ZSECSYS allocation
    parameter), the zSecure Admin might generate a MSGCKR0617 which
    begins with the text "Warning: missing RACF security
    database ...". In cases where an action like 'Copy' or
    'Recreate' is requested against a profile, a MSGCKR0380 which
    begins with the text 'Action for user <user> requested, but
    userid not defines' or a MSGCKR0381 which begins with the text
    'Action for group <group> requested, but group not defined'
    might also be displayed and the generated RACF commands are
    inconsistently generated.
    

Problem conclusion

  • zSecure Admin has been modified so that it handles the remote
    data sources defined/allocated with the special value of
    asterisk (*) for 'zSecure Node name' (ZSECNODE allocation
    parameter) or 'zSecure System' (ZSECSYS allocation parameter)
    are handled properly.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA54273

  • Reported component name

    AUDIT-R,A,T ACF

  • Reported component ID

    5655T0200

  • Reported release

    221

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-10-26

  • Closed date

    2017-11-17

  • Last modified date

    2017-12-02

  • APAR is sysrouted FROM one or more of the following:

    OA53798

  • APAR is sysrouted TO one or more of the following:

    UA94452

Modules/Macros

  •    C2AP3I@Z C2AP3R@Z
    

Fix information

  • Fixed component name

    AUDIT-R,A,T ACF

  • Fixed component ID

    5655T0200

Applicable component levels

  • R221 PSY UA94452

       UP17/11/23 P F711

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRQGZ","label":"IBM Security zSecure Audit for ACF2"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
02 December 2017