IBM Support

OA55859: ALLOW ALTERNATIVE USAGE OF RMTCMD FOR TWS AUTOMATION.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • Allow alternative usage of RMTCMD for TWS Automation.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All SA z/OS V4R1 customers trying to limit   *
*                 the usage of the OPERID parameter of the     *
*                 RMTCMD command.                              *
****************************************************************
* PROBLEM DESCRIPTION: Commands like INGTWS, INGSEND and when  *
*                      deleting SDF records may use the        *
*                      OPERID parameter of the RMTCMD command  *
*                      and switch identity to a different      *
*                      task before going to the remote system. *
*                      Customers may prefer that the actual    *
*                      switch occurs on the remote/target      *
*                      system instead.                         *
****************************************************************
A new Advanced Automation Option (AAO) CGlobal variable should
be provided to allow for a change of the current behavior.
The originating operator will then be used to logon to the
target NetView to keep the security context.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • REXX macro AOFC0099 has been modified to check new AAO
AOF_PRESERVE_EXECUTION_CONTEXT. When the AAO is set to '1' then
the RMTCMD operand OPERID is not used. This prevents the switch
to the automated function user ID during the RMTCMD processing.
REXX modules EVJRYRQ0, EVJRYST0, INGRYMSG and INGRYSND have
been shipped to support the macro changes.
Samples AOFSTYLE, INGESAF and INGSSAF have been modified to
introduce and support new AAO AOF_PRESERVE_EXECUTION_CONTEXT.

+------ System Automation for z/OS Version 4 Release 1 --------+
|                                                              |
|PROGRAM NUMBER: 5698-SA4                                      |
|                                                              |
|TITLE:       System Automation for z/OS         SC34-2715-01  |
|             Customizing and Programming                      |
|                                                              |
|CHAPTER:     Appendix A. Global Variables                     |
|TOPIC:       Read/Write Variables                             |
|                                                              |
|CHANGE:                                                       |
|                                                              |
| Insert the following new variable in 'Table 25. Global       |
| Variables to Enable Advanced Automation (CGLOBALS):          |
|                                                              |
|+-----------------+-----+------------------------------------+|
||Variable Name    |Value|Effect                              ||
|+-----------------+-----+------------------------------------+|
||AOF_PRESERVE_    |1    |When SA z/OS uses the RMTCMD        ||
||EXECUTION_CONTEXT|     |infrastructure, the originating     ||
||                 |     |user ID will log on to the target   ||
||                 |     |NetView environment. After logon,   ||
||                 |     |it will switch to the automated     ||
||                 |     |function user ID to invoke the      ||
||                 |     |intended action.                    ||
|+-----------------+-----+------------------------------------+|
||                 |0    |When SA z/OS uses the RMTCMD        ||
||                 |     |infrastructure, the originating     ||
||                 |     |user ID will switch to the automated||
||                 |     |function user ID during the RMTCMD  ||
||                 |     |processing.                         ||
||                 |     |0 is the default setting.           ||
|+-----------------+-----+------------------------------------+|
|                                                              |
|--------------------------------------------------------------|
|                                                              |
|TITLE:       TWS Automation Programmer s        SC34-2749-01  |
|             Reference and Operator s Guide                   |
|                                                              |
|CHAPTER:     6. Installing TWS Automation                     |
|TOPIC:       RMTCMD Security Considerations                   |
|                                                              |
|CHANGE:                                                       |
|                                                              |
| Replace the text of the topic with the following:            |
|                                                              |
| NetView? RMTCMD is used to communicate with remote domains   |
| (that is, gateway connected domains outside the system or    |
| sysplex where the TWS Controller is running). RMTCMD will    |
| be used if TWS Automation is controlling applications on a   |
| remote domain and recovery is required for the TWS           |
| Automation-controlled operations after the remote system     |
| or gateway has failed.                                       |
|                                                              |
| The AAO AOF_PRESERVE_EXECUTION_CONTEXT variable controls     |
| the security context under which an action is executed on    |
| an SAplex that is located outside the physical sysplex.      |
| For more information about this variable, see Read/Write     |
| Variables in Customizing and Programming.                    |
|                                                              |
| If the value of AOF_PRESERVE_EXECUTION_CONTEXT is 0, then    |
| the following security is required:                          |
|                                                              |
| The operator IDs for OPCAMSTR and OPCAOPR2 (AUTOPCP and      |
| AUTOPCE or user specified operator ID) must have the         |
| appropriate NetView or RACF? authority to use RMTCMD on      |
| the local system (that is, the system running the TWS        |
| Controller). NetView or RACF definitions may also be         |
| required on the remote systems. For more details about       |
| the NetView or RACF security implications when using         |
| RMTCMD, please refer to Tivoli NetView Security Reference.   |
|                                                              |
| If the value of AOF_PRESERVE_EXECUTION_CONTEXT is 1,         |
| then the following security is required:                     |
|                                                              |
| The invoking operator IDs must have the appropriate          |
| NetView or RACF authority to use RMTCMD on the local         |
| system (that is, the system running the TWS Controller).     |
| On the target system, the invoking operator must have the    |
| ability to switch to the operator IDs for OPCAMSTR and       |
| OPCAOPR2 (AUTOPCP and AUTOPCE or user specified operator     |
| ID) and to execute the intended action. NetView or RACF      |
| definitions may also be required on the remote systems.      |
| For more details about the NetView or RACF security          |
| implications when using RMTCMD, please refer to Tivoli       |
| NetView Security Reference.                                  |
|                                                              |
+--------------------------------------------------------------+

    



APAR Information




    

  • APAR number
    OA55859
    • 

  • Reported component name
    SYSTEM AUTO Z/O
    • 

  • Reported component ID
    5698SA300
    • 

  • Reported release
    410
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-07-13
    • 

  • Closed date
    2019-02-26
    • 

  • Last modified date
    2019-04-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UA98699 UA98700
    

    • 



Modules/Macros


    

  • AOFSTYLE EVJRYRQ0 EVJRYST0 INGESAF  INGRYMSG INGRYSND INGSSAF

    




Publications Referenced


SC34271501SC34274901   





Fix information


    

  • Fixed component name
    SYSTEM AUTO Z/O
    • 

  • Fixed component ID
    5698SA300
    • 



Applicable component levels


    

  • R41F  PSY  UA98700
       UP19/03/05  P  F903
    • 

  • R410  PSY  UA98699
       UP19/03/05  P  F903
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSWRCJ","label":"IBM Tivoli System Automation for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"410","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 April 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback