IBM Support

IC95977: WHEN A PRIVILEGED USER IS RESTRICTED TO A DOMAIN, CERTAIN STEPS MIGHT ALLOW THAT USER ACCESS TO OTHER DOMAINS

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When a privileged user is restricted to a domain, and another
    privileged user takes certain steps, the domain restriction for
    the restricted user might be removed. If this is the only domain
     to which the user was restricted, the user might have the
    ability to log into any domain, including default, and execute
    any command.
    

Local fix

Problem summary

  • An attempt to delete a domain which serves as a domain
    restriction on a privileged user, might allow that privileged
    user to access additional domains on the appliance. This issue
    was caused by an inconsistency in the domain removal procedure.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC95977

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-09-16

  • Closed date

    2013-10-21

  • Last modified date

    2013-11-11

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R500 PSY

       UP

  • R600 PSY

       UP



Document information

More support for: IBM DataPower Gateways
General

Software version: 5.0.0

Reference #: IC95977

Modified date: 11 November 2013