A fix is available
APAR status
Closed as new function.
Error description
Allow alternative usage of RMTCMD for TWS Automation.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All SA z/OS V4R1 customers trying to limit * * the usage of the OPERID parameter of the * * RMTCMD command. * **************************************************************** * PROBLEM DESCRIPTION: Commands like INGTWS, INGSEND and when * * deleting SDF records may use the * * OPERID parameter of the RMTCMD command * * and switch identity to a different * * task before going to the remote system. * * Customers may prefer that the actual * * switch occurs on the remote/target * * system instead. * **************************************************************** A new Advanced Automation Option (AAO) CGlobal variable should be provided to allow for a change of the current behavior. The originating operator will then be used to logon to the target NetView to keep the security context.
Problem conclusion
Temporary fix
Comments
REXX macro AOFC0099 has been modified to check new AAO AOF_PRESERVE_EXECUTION_CONTEXT. When the AAO is set to '1' then the RMTCMD operand OPERID is not used. This prevents the switch to the automated function user ID during the RMTCMD processing. REXX modules EVJRYRQ0, EVJRYST0, INGRYMSG and INGRYSND have been shipped to support the macro changes. Samples AOFSTYLE, INGESAF and INGSSAF have been modified to introduce and support new AAO AOF_PRESERVE_EXECUTION_CONTEXT. +------ System Automation for z/OS Version 4 Release 1 --------+ | | |PROGRAM NUMBER: 5698-SA4 | | | |TITLE: System Automation for z/OS SC34-2715-01 | | Customizing and Programming | | | |CHAPTER: Appendix A. Global Variables | |TOPIC: Read/Write Variables | | | |CHANGE: | | | | Insert the following new variable in 'Table 25. Global | | Variables to Enable Advanced Automation (CGLOBALS): | | | |+-----------------+-----+------------------------------------+| ||Variable Name |Value|Effect || |+-----------------+-----+------------------------------------+| ||AOF_PRESERVE_ |1 |When SA z/OS uses the RMTCMD || ||EXECUTION_CONTEXT| |infrastructure, the originating || || | |user ID will log on to the target || || | |NetView environment. After logon, || || | |it will switch to the automated || || | |function user ID to invoke the || || | |intended action. || |+-----------------+-----+------------------------------------+| || |0 |When SA z/OS uses the RMTCMD || || | |infrastructure, the originating || || | |user ID will switch to the automated|| || | |function user ID during the RMTCMD || || | |processing. || || | |0 is the default setting. || |+-----------------+-----+------------------------------------+| | | |--------------------------------------------------------------| | | |TITLE: TWS Automation Programmer s SC34-2749-01 | | Reference and Operator s Guide | | | |CHAPTER: 6. Installing TWS Automation | |TOPIC: RMTCMD Security Considerations | | | |CHANGE: | | | | Replace the text of the topic with the following: | | | | NetView? RMTCMD is used to communicate with remote domains | | (that is, gateway connected domains outside the system or | | sysplex where the TWS Controller is running). RMTCMD will | | be used if TWS Automation is controlling applications on a | | remote domain and recovery is required for the TWS | | Automation-controlled operations after the remote system | | or gateway has failed. | | | | The AAO AOF_PRESERVE_EXECUTION_CONTEXT variable controls | | the security context under which an action is executed on | | an SAplex that is located outside the physical sysplex. | | For more information about this variable, see Read/Write | | Variables in Customizing and Programming. | | | | If the value of AOF_PRESERVE_EXECUTION_CONTEXT is 0, then | | the following security is required: | | | | The operator IDs for OPCAMSTR and OPCAOPR2 (AUTOPCP and | | AUTOPCE or user specified operator ID) must have the | | appropriate NetView or RACF? authority to use RMTCMD on | | the local system (that is, the system running the TWS | | Controller). NetView or RACF definitions may also be | | required on the remote systems. For more details about | | the NetView or RACF security implications when using | | RMTCMD, please refer to Tivoli NetView Security Reference. | | | | If the value of AOF_PRESERVE_EXECUTION_CONTEXT is 1, | | then the following security is required: | | | | The invoking operator IDs must have the appropriate | | NetView or RACF authority to use RMTCMD on the local | | system (that is, the system running the TWS Controller). | | On the target system, the invoking operator must have the | | ability to switch to the operator IDs for OPCAMSTR and | | OPCAOPR2 (AUTOPCP and AUTOPCE or user specified operator | | ID) and to execute the intended action. NetView or RACF | | definitions may also be required on the remote systems. | | For more details about the NetView or RACF security | | implications when using RMTCMD, please refer to Tivoli | | NetView Security Reference. | | | +--------------------------------------------------------------+
APAR Information
APAR number
OA55859
Reported component name
SYSTEM AUTO Z/O
Reported component ID
5698SA300
Reported release
410
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-07-13
Closed date
2019-02-26
Last modified date
2019-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA98699 UA98700
Modules/Macros
AOFSTYLE EVJRYRQ0 EVJRYST0 INGESAF INGRYMSG INGRYSND INGSSAF
SC34271501 | SC34274901 |
Fix information
Fixed component name
SYSTEM AUTO Z/O
Fixed component ID
5698SA300
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSWRCJ","label":"IBM Tivoli System Automation for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"410","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
02 April 2019