IBM Support

PI22267: RACFSYNC CAPABILITY NEEDS TO BE PORTED TO CICS TS VERSION 4

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • This APAR has been taken to back port the new RACFSYNC
    capability, introduced in  CICS TS 5.1, to both CICS TS 4.1 and
    CICS TS 4.2.
    .
    Without this capability, it is possible for the z/OS Dispatcher
    to enter into a spin loop due to an excessive number of SRBs
    created for ENF 71 notification caused by a massive number of
    userid group profile changes made at once (possibly by a batch
    job for example).
    
    Note:
    The RACF notification was introduced in z/OS V1.11. You will
    receive the DFHUS0100 message when you have RACFSYNC=YES
    specified in a CICS region running under z/OS V1.10 or earlier.
    You are encouraged to code RACFSYNC=NO in the SIT after you
    apply the PTFs for APAR PI22267 if you are running with z/OS
    V1.10. Afterwards, you will no longer receive message DFHUS0100
    and dump.
    Additional Symptom(s) Search Keyword(s): KIXREVDAM
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: APAR to add RACFSYNC system             *
    *                      initialization parameter into CICS TS   *
    *                      4.1 and CICS TS 4.2.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    This APAR adds support for the RACFSYNC system initialization
    parameter into CICS TS 4.1 and CICS TS 4.2. Support for this
    parameter was added in CICS TS 5.1.
    This APAR will also ensure that the mechanism to listen for
    type 71 ENF notifications is completely disabled when
    RACFSYNC=NO is specified.
    

Problem conclusion

  • CICS has been changed to support a new System initialization
    parameter named RACFSYNC. Setting RACFSYNC=NO will disable the
    CICS function which listens for type 71 ENF events.
    The default value is RACFSYNC=YES.
    
    The CICS Transaction Server for z/OS Version 4 Release 1 Data
    Areas ( GC34701403 ) will be updated in table 536 ( SIT system
    initialisation table ) at offset X'F5' as follows :-
    
    Offset Hex  Type      Len     Name (dim)  Description
    
    (F5)        ..1. ....         SITRFSNO    RACFSYNC=NO
    
    
    The CICS Transaction Server for z/OS Version 4 Release 1 System
    Defininition Guide ( SC34699902 ) will be updated in Chapter 16
    ( Specifying CICS system initialization parameters ) in Table 12
    ( System initialization parameters with override options and
    default settings ) with the following new entry :-
    
    Parameter PARM SYSIN System console DFHSIT Default Description
    
    RACFSYNC  YES  YES   NO             YES    YES     Listen for
                                                       type 71 ENF
                                                       events
    
    The following new entry will be added to the same chapter of the
    System Defininition Guide after the entry for QUESTIM :-
    
    RACFSYNC
    The RACFSYNC system initialization parameter specifies whether
    CICS  listens for type 71 ENF events.
    
    RACFSYNC={YES|NO}
    RACF  sends a type 71 ENF signal to listeners when a CONNECT,
    REMOVE, or REVOKE command changes a user's resource
    authorization. When CICS receives a type 71 ENF event for a user
    ID, all cached user tokens for the user ID are invalidated,
    irrespective of the setting of the USRDELAY parameter.
    Subsequent requests from that user ID force a full RACF RACROUTE
    VERIFY request, which results in a refresh of the user's
    authorization level. User tokens for tasks that are currently
    running are not affected.
    
    Note: Specify the RACFSYNC=NO parameter only under direction
    from IBM  Service.
    
    YES
        CICS listens for type 71 ENF events.
    
    NO
        CICS does not listen for type 71 ENF events.
    
    Restrictions: You can specify the RACFSYNC parameter only in the
    system initialization table (SIT), the PARM parameter of the
    EXEC PGM=DFHSIP statement, or the SYSIN data set.
    
    
    The CICS Transaction Server for z/OS Version 4 Release 1
    Upgrading from CICS TS Version 3.2 ( GC34699803 ) will be
    updated in Chapter 19 ( Security updates to monitor RACF Event
    Notifications (ENF) ) with the following appended to the end of
    the chapter :-
    
    If you do not want CICS to monitor for RACF type 71 ENF events,
    that is, how CICS behaved in releases before CICS TS for z/OS,
    Version 4.1, you can use the new RACFSYNC system initialization
    parameter to specify this behavior. Use this parameter only
    under direction from IBM  Service, and only as an aid to
    migration.
    
    RACFSYNC={YES|NO}
    RACF  sends a type 71 ENF signal to listeners when a CONNECT,
    REMOVE, or REVOKE command changes a user's resource
    authorization. When CICS receives a type 71 ENF event for a user
    ID, all cached user tokens for the user ID are invalidated,
    irrespective of the setting of the USRDELAY parameter.
    Subsequent requests from that user ID force a full RACF RACROUTE
    VERIFY request, which results in a refresh of the user's
    authorization level. User tokens for tasks that are currently
    running are not affected.
    
    Note: Specify the RACFSYNC=NO parameter only under direction
    from IBM  Service.
    
    YES
        CICS listens for type 71 ENF events.
    
    NO
        CICS does not listen for type 71 ENF events.
    
    Restrictions: You can specify the RACFSYNC parameter only in the
    system initialization table (SIT), the PARM parameter of the
    EXEC PGM=DFHSIP statement, or the SYSIN data set.
    
    
    The CICS Transaction Server for z/OS Version 4 Release 2 Data
    Areas ( GC34716300 ) will be updated in table 555 ( SIT system
    initialisation table ) at offset X'F5' as follows :-
    
    Offset Hex  Type      Len     Name (dim)  Description
    
    (F5)        ..1. ....         SITRFSNO    RACFSYNC=NO
    
    
    The CICS Transaction Server for z/OS Version 4 Release 2 System
    Defininition Guide ( SC34718501 ) will be updated in Chapter 15
    ( Specifying CICS system initialization parameters ) in Table 10
    ( System initialization parameters with override options and
    default settings ) with the following new entry :-
    
    Parameter PARM SYSIN System console DFHSIT Default Description
    
    RACFSYNC  YES  YES   NO             YES    YES     Listen for
                                                       type 71 ENF
                                                       events
    
    The following new entry will be added to the same chapter of the
    System Defininition Guide after the entry for QUESTIM :-
    
    RACFSYNC
    The RACFSYNC system initialization parameter specifies whether
    CICS  listens for type 71 ENF events.
    
    RACFSYNC={YES|NO}
    RACF  sends a type 71 ENF signal to listeners when a CONNECT,
    REMOVE, or REVOKE command changes a user's resource
    authorization. When CICS receives a type 71 ENF event for a user
    ID, all cached user tokens for the user ID are invalidated,
    irrespective of the setting of the USRDELAY parameter.
    Subsequent requests from that user ID force a full RACF RACROUTE
    VERIFY request, which results in a refresh of the user's
    authorization level. User tokens for tasks that are currently
    running are not affected.
    
    Note: Specify the RACFSYNC=NO parameter only under direction
    from IBM  Service.
    
    YES
        CICS listens for type 71 ENF events.
    
    NO
        CICS does not listen for type 71 ENF events.
    
    Restrictions: You can specify the RACFSYNC parameter only in the
    system initialization table (SIT), the PARM parameter of the
    EXEC PGM=DFHSIP statement, or the SYSIN data set.
    
    
    The CICS Transaction Server for z/OS Version 4 Release 2
    Upgrading from CICS TS Version 3.2 ( GC34718902 ) will be
    updated in Chapter 29 ( Security updates to monitor RACF Event
    Notifications (ENF) ) with the following appended to the end of
    the chapter :-
    
    If you do not want CICS to monitor for RACF type 71 ENF events,
    that is, how CICS behaved in releases before CICS TS for z/OS,
    Version 4.1, you can use the new RACFSYNC system initialization
    parameter to specify this behavior. Use this parameter only
    under direction from IBM  Service, and only as an aid to
    migration.
    
    RACFSYNC={YES|NO}
    RACF  sends a type 71 ENF signal to listeners when a CONNECT,
    REMOVE, or REVOKE command changes a user's resource
    authorization. When CICS receives a type 71 ENF event for a user
    ID, all cached user tokens for the user ID are invalidated,
    irrespective of the setting of the USRDELAY parameter.
    Subsequent requests from that user ID force a full RACF RACROUTE
    VERIFY request, which results in a refresh of the user's
    authorization level. User tokens for tasks that are currently
    running are not affected.
    
    Note: Specify the RACFSYNC=NO parameter only under direction
    from IBM  Service.
    
    YES
        CICS listens for type 71 ENF events.
    
    NO
        CICS does not listen for type 71 ENF events.
    
    Restrictions: You can specify the RACFSYNC parameter only in the
    system initialization table (SIT), the PARM parameter of the
    EXEC PGM=DFHSIP statement, or the SYSIN data set.
    

Temporary fix

  •             *********
                * HIPER *
                *********
    FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PI22267

  • Reported component name

    CICS TS Z/OS V4

  • Reported component ID

    5655S9700

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-07-17

  • Closed date

    2014-09-25

  • Last modified date

    2016-02-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UI21734 UI21735 UI21736 UI21737

Modules/Macros

  •    CJCTNAGC DFHDMDM  DFHDMDMT DFHPADUF DFHPAGP
    DFHPAIN  DFHPAINT DFHPASY  DFHSIT   DFHSIT$$ DFHSIT6$ DFHUSDM
    DFHUSIS  DFHUSIST EYUTNAGC EYUTNAGD
    

Publications Referenced
GC34701403 GC34716300 SC34699902 SC34718501 GC34699803
GC34718902        

Fix information

  • Fixed component name

    CICS TS Z/OS V4

  • Fixed component ID

    5655S9700

Applicable component levels

  • R60M PSY UI21735

       UP14/10/08 P F410 Ž

  • R600 PSY UI21734

       UP14/10/08 P F410 Ž

  • R70M PSY UI21737

       UP14/10/09 P F410 Ž

  • R700 PSY UI21736

       UP14/10/09 P F410 Ž

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: CICS Transaction Server

Software version: 4.1

Reference #: PI22267

Modified date: 28 February 2016