A fix is available
APAR status
Closed as program error.
Error description
You apply one of the following PTFs to your CPSM environment: . Release PTF APAR 4.1 UI40460 PI66813 4.2 UI40461 PI66813 5.1 UI40462 PI66814 5.2 UI40463 PI66814 5.3 UI40464 PI66792 . Afterward, you find security checks being made for the wrong resource names. For example, you retrieve definitions for transactions. That should generate a check against resource BAS.DEF.xxxxx but instead it generates one for BAS.TRAN.xxxxxx. This may result in RACF violations against the new resource names. . The BAS.TRAN.xxxxx or BAS.FILE.xxxxx type resource names, with a resource type in the second node, is only supposed to be used for installing the resources, not viewing them. The BAS.DEF.xxxxxx resource name is what CPSM should be checking when they are viewed. . Additional Symptom(s) Search Keyword(s): KIXREVSVR
Local fix
Temporarily permit RACF access.
Problem summary
**************************************************************** * USERS AFFECTED: All CICSPlex SM V4R1M0 and V4R2M0 Users * **************************************************************** * PROBLEM DESCRIPTION: After applying PTF UI40460 (CPSM 4.1) * * or UI40461 (CPSM 4.2) for APAR PI66813, * * you might not be able to retrieve the * * following resource definitions through * * WUI, CPSM Explorer or CPSM GET API, due * * to security check failure: * * * * ATOMDEF MAPDEF * * BUNDDEF MQCONDEF * * CONNDEF PARTDEF * * DB2CDEF PIPEDEF * * DB2EDEF PROCDEF * * DB2TDEF PROFDEF * * DOCDEF PROGDEF * * EJCODEF PRTNDEF * * EJDJDEF RQMDEF * * ENQMDEF SESDEF * * FENODDEF TCPDEF * * FEPOODEF TDQDEF * * FEPRODEF TERMDEF * * FETRGDEF TRANDEF * * FILEDEF TRNCLDEF * * IPCONDEF TSMDEF * * JRNMDEF TYPTMDEF * * JVMSVDEF URIMPDEF * * LIBDEF WEBSVDEF * * LSRDEF * **************************************************************** * RECOMMENDATION: This fix is being provided across all * * supported releases of CPSM as follows: * * * * - CPSM V4R1M0 - APAR PI79362 * * - CPSM V4R2M0 - APAR PI79362 * * - CPSM V5R1M0 - APAR PI79774 * * - CPSM V5R2M0 - APAR PI79774 * * - CPSM V5R3M0 - APAR PI79774 * * * * After applying the PTF that resolves this * * APAR, all CMASes must be recycled to pick * * up the new code. Note that CMASes do not * * need to be brought down and restarted at * * the same time. * **************************************************************** When you retrieve the BAS resource definitions through WUI, CPSM API or CICS Explorer, method EYU0BAGQ ( BAGQ - BAS Frontend Data Repository Get ) is driven to get requested definitions from the data repository. Prior to the execution of BAGQ, method EYU0CRCK ( CRCK - Access Authority Checking ) is called to check if the user has authority to execute the requested service. CRCK calls method EYU0XLML to build main XLXS and alternative XLXS. Based on the XLXSes, CRCK populates the profile name, and passes it along with other information to RACF for security check. Due to a previous change for APAR PI66813, CRCK might populate an incorrect profile name, which causes the failure of RACF security check.
Problem conclusion
Module EYU0CRCK has been updated to populate correct profile name for BAGQ services.
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI79362
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
60M
Status
CLOSED PER
PE
YesPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-04
Closed date
2017-05-08
Last modified date
2017-06-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PI79774 UI47048 UI47049
Modules/Macros
EYU0CRCK EYU0XDOX EYU9BAPU EYU9BAP3 EYU9BAP4 EYU9BAP6
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 June 2017