PM96242: WMQ MQRC_NOT_AUTHORIZED ( MQRC 2035 ) IS RETURN ON TOPIC OPEN BUT NO OTHER MESSAGES ARE GENERATED TO INDICATE A FAILURE

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • On topic open only MQRC_NOT_AUTHORIZED ( MQRC 2035 ) is returned
    without any other messages to indicate what object an
    application is not authorized for. In the APARed instance it
    appears that the reason for this was that there were no
    suitable topic nodes to perform a security check against thus no
    security check was issued. No ICH408I messages were generated
    by RACF.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 7 *
    *                 Release 0 Modification 1 and Release 1       *
    *                 Modification 0.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: No security check occurs on the root    *
    *                      node of the topic tree if authority was *
    *                      not granted by any topic objects, and   *
    *                      SYSTEM.BASE.TOPIC does not exist.       *
    *                      No ICH408I message is issued for the    *
    *                      xxxx.PUBLISH.SYSTEM.BASE.TOPIC or       *
    *                      xxxx.SUBSCRIBE.SYSTEM.BASE.TOPIC.       *
    *                                                              *
    *                      The application opening the topic fails *
    *                      with MQRC_NOT_AUTHOIRZED.               *
    *                      If no relevant topic objects exist for  *
    *                      the topic being opened, no ICH408I      *
    *                      messages appear to indicate what        *
    *                      authority is needed.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When opening a topic, a security check takes place on each
    administrative topic node (i.e. node with an associated TOPIC
    object) between the topic and the root node of the topic tree,
    until access is granted, or the root node is reached.
    If the root node is reached, because no suitable topic objects
    existed, or access had not been granted by a suitable topic
    object, authorization should be based on the profile for
    object 'SYSTEM.BASE.TOPIC'.
    If this topic object does not exist, the queue manager should
    behave as if it exists with default values, however in this
    situation no security check is issued and the call fails
    MQRC_NOT_AUTHORIZED, even if the application has the
    correct access to the profile for SYSTEM.BASE.TOPIC.
    

Problem conclusion

  • Open processing is changed to always check if an application has
    access to SYSTEM.BASE.TOPIC if access has not already been
    granted by a topic object lower in the topic tree, even if topic
    object SYSTEM.BASE.TOPIC does not exist.
    010Y
    100Y
    CSQMOPEN
    CSQMOPNI
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM96242

  • Reported component name

    WMQ Z/OS V7

  • Reported component ID

    5655R3600

  • Reported release

    010

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-09-02

  • Closed date

    2013-09-12

  • Last modified date

    2013-11-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK97472 UK97473

Modules/Macros

  •    CSQMOPEN CSQMOPNI
    

Fix information

  • Fixed component name

    WMQ Z/OS V7

  • Fixed component ID

    5655R3600

Applicable component levels

  • R010 PSY UK97472

       UP13/10/16 P F310

  • R100 PSY UK97473

       UP13/10/16 P F310

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Rate this page:

(0 users)Average rating

Document information


More support for:

z/OS family

Software version:

7.0.1

Reference #:

PM96242

Modified date:

2013-11-04

Translate my page

Machine Translation

Content navigation