A fix is available
APAR status
Closed as new function.
Error description
Z/OSMF Workflows Security.
Local fix
N/A
Problem summary
****************************************************************
* USERS AFFECTED: All users of IBM z/OSMF Workflows task,
*                 Version 2 Release 1 and Version 2 Release 2.
****************************************************************
* PROBLEM DESCRIPTION: This APAR provides new functions in
*                      z/OSMF Version 2 Release 1 and
*                      Version 2 Release 2.
****************************************************************
* RECOMMENDATION:
****************************************************************

This APAR provides new functions in z/OSMF Version 2 Release 1 and Version 2 Release 2.

1. Access type is a new security control for workflows. It controls what the user is permitted to see and modify in various sections of the workflow. The access type is specified by the workflow owner at workflow creation time. The valid values for access type are as follows:

   (1) Public: Workflow information and step information can be viewed by all users.
   (2) Restricted: Workflow information and step information is restricted to a subset of users: the workflow owner, step owners, and step assignees. Other users cannot access this information.
   (3) Private: Workflow information is restricted to a subset of users, and is further limited among these users. Workflow information is accessible to the workflow owner. The step information is accessible to the step owner and step assignees for the particular step. Other users cannot access this information.

2. When you specify an access type for a workflow, you control user access to workflow notes and step notes. A workflow with a public access type imposes no restrictions on who can view the workflow notes and step notes. A workflow with a restricted or private access type is more secure, and requires the user to be a workflow owner, step owner, or step assignee to view or modify notes. The notes data structure is changed from a text box to a table.

   The effects of access type on user access to notes are as follows:

   (1) Public: The workflow notes and step notes can be viewed by all z/OSMF users. Only the workflow owner, step owners and step assignees can modify the workflow notes.
   (2) Restricted: The workflow notes and step notes can be viewed only by the workflow owner, step owners, and step assignees. Only the workflow owner can modify workflow notes. The workflow owner, step owner, or step assignees can view all of the step notes.
   (3) Private: The workflow owner can view all workflow notes and step notes. Only the workflow owner can modify workflow notes. The step notes can be viewed only by the step owner or step assignees for the particular step.

3. A user with READ access to the profile IZUDFLT.ZOSMF.WORKFLOW.ADMIN can change the owner of any workflow instance, even if they are not the owner of the current workflow instance. Usually, a user gets this permission by being connected to the z/OSMF administrator security group.

4. Enhancements are made to the z/OSMF workflow services API. The following services are updated in support of the access type:

   - Create workflow
   - Get workflow properties
   - List workflows
Problem conclusion
Temporary fix
Comments
------------- ENHANCEMENTS -------------

1. Access type is a new security control for workflows. It controls what the user is permitted to see and modify in various sections of the workflow. The access type is specified by the workflow owner at workflow creation time. The valid values for access type are as follows:

   (1) Public: Workflow information and step information can be viewed by all users.
   (2) Restricted: Workflow information and step information is restricted to a subset of users: the workflow owner, step owners, and step assignees. Other users cannot access this information.
   (3) Private: Workflow information is restricted to a subset of users, and is further limited among these users. Workflow information is accessible to the workflow owner. The step information is accessible to the step owner and step assignees for the particular step. Other users cannot access this information.

2. When you specify an access type for a workflow, you control user access to workflow notes and step notes. A workflow with a public access type imposes no restrictions on who can view the workflow notes and step notes. A workflow with a restricted or private access type is more secure, and requires the user to be a workflow owner, step owner, or step assignee to view or modify notes. The notes data structure is changed from a text box to a table.

   The effects of access type on user access to notes are as follows:

   (1) Public: The workflow notes and step notes can be viewed by all z/OSMF users. Only the workflow owner, step owners and step assignees can modify the workflow notes.
   (2) Restricted: The workflow notes and step notes can be viewed only by the workflow owner, step owners, and step assignees. Only the workflow owner can modify workflow notes. The workflow owner, step owner, or step assignees can view all of the step notes.
   (3) Private: The workflow owner can view all workflow notes and step notes. Only the workflow owner can modify workflow notes. The step notes can be viewed only by the step owner or step assignees for the particular step.

3. A user with READ access to the profile IZUDFLT.ZOSMF.WORKFLOW.ADMIN can change the owner of any workflow instance, even if they are not the owner of the current workflow instance. Usually, a user gets this permission by being connected to the z/OSMF administrator security group.

   With this APAR, workflow notes and step notes are changed to use a new internal data format that is not compatible with the previous format. Therefore, it is recommended that you save any notes that you want to retain before you apply the PTF for this APAR.

4. Enhancements are made to the z/OSMF workflow services API. The following services are updated in support of the access type:

   - Create workflow
   - Get workflow properties
   - List workflows

------------- DOCUMENTS UPDATES -------------

The z/OSMF Programming Guide will be changed on March 25, 2016, as follows:

In Chapter 1, the following services are updated in support of the workflow access type:

   - Create workflow
   - Get workflow properties
   - List workflows

------------- MESSAGE UPDATES -------------

The following messages have been added:

IZUWF0017W IZUWF0266I IZUWF00267I IZUWF0270W IZUWF0271E IZUWF0272E IZUWF0280E IZUWF0281E IZUWF0282E IZUWF0283E IZUWF0284E IZUWF0285E IZUWF0287E IZUWF5013W
APAR Information
APAR number
PI56621
Reported component name
Z/OSMF WORFKLOW
Reported component ID
5655S2807
Reported release
227
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2016-02-04
Closed date
2016-03-15
Last modified date
2016-04-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PI56641 UI35926 UI35927
Modules/Macros
IZUWFAAA IZUWFBAA IZUWFBAB IZUWFBAC IZUWFBAD IZUWFBAE IZUWFBAF IZUWFBAG IZUWFBAH IZUWFBAI IZUWFBAJ IZUWFBAK IZUWFBAL IZUWFBAM IZUWFBAN IZUWFBAO IZUWFCAA IZUWFCAB IZUWFDAA IZUWFDAB IZUWFDAC
SA32106600 | SC27842000 |
Fix information
Fixed component name
Z/OSMF WORFKLOW
Fixed component ID
5655S2807
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
05 April 2016