A fix is available
APAR status
Closed as program error.
Error description
ICH408I message issued when upgrading to CICS Liberty 17.0.0.4 . for CJSA transaction saying insufficient access authority, access intent is read, access allowed is none. The problem is that Liberty 17.0.0.4 created a thread internally (com.ibm.ws.webcontainer.osgi.WebContainer$3) as part of its bundle install work. This causes CICS to attach a task because it is not on CICS Liberty internal threads list. When the task is attempted to be attached using the CICS default userid, the RACF error is produced.
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users. * **************************************************************** * PROBLEM DESCRIPTION: Security violation against the region * * default USERID to attach CJSA when * * installing a Bundle into a Liberty * * JVM server. * **************************************************************** When a Bundle is installed into a Liberty JVM server an internal Liberty thread is created and CICS attempts to attach a CICS task. A CJSA task is attempted to be attached using the default userid of the CICS region. This causes a ICH408I RACF error to occur in the joblog.
Problem conclusion
UI53794 UI53795 UI53798 UI53800 CICS has been changed to mark com.ibm.ws.webcontainer.osgi.WebContainer$3 as an internal Liberty thread.
Temporary fix
Comments
APAR Information
APAR number
PI98663
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
900
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-06-01
Closed date
2018-07-25
Last modified date
2018-08-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI57484 UI57485 UI57486 UI57487 UI57488 UI57489 UI57490 UI57491
Modules/Macros
DFHWLPAX DFJ@H356 DFJ@H387
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R00D PSY UI57488
UP18/07/27 P F807 {
R10D PSY UI57490
UP18/07/27 P F807 {
R80D PSY UI57484
UP18/07/27 P F807 {
R90D PSY UI57486
UP18/07/27 P F807 {
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 August 2018