A fix is available
APAR status
Closed as program error.
Error description
You apply one of the following PTFs to your CPSM environment: . Release PTF APAR 4.1 UI40460 PI66813 4.2 UI40461 PI66813 5.1 UI40462 PI66814 5.2 UI40463 PI66814 5.3 UI40464 PI66792 . Afterward, you find security checks being made for the wrong resource names. For example, you retrieve definitions for transactions. That should generate a check against resource BAS.DEF.xxxxx but instead it generates one for BAS.TRAN.xxxxxx. This may result in RACF violations against the new resource names. . The BAS.TRAN.xxxxx or BAS.FILE.xxxxx type resource names, with a resource type in the second node, is only supposed to be used for installing the resources, not viewing them. The BAS.DEF.xxxxxx resource name is what CPSM should be checking when they are viewed. . Additional Symptom(s) Search Keyword(s): KIXREVSVR
Local fix
Temporarily permit RACF access.
Problem summary
**************************************************************** * USERS AFFECTED: All CICSPlex SM V5R1M0, V5R2M0 and V5R3M0 * * Users * **************************************************************** * PROBLEM DESCRIPTION: After applying PTF UI40462 (CPSM 5.1) * * or UI40463 (CPSM 5.2) for APAR PI66814, * * or UI40464 (CPSM 5.3) for APAR PI66792, * * you might not be able to retrieve the * * following resource definitions through * * WUI, CPSM Explorer or CPSM GET API, due * * to security check failure: * * * * ATOMDEF MAPDEF * * BUNDDEF MQCONDEF * * CONNDEF PARTDEF * * DB2CDEF PIPEDEF * * DB2EDEF PROCDEF * * DB2TDEF PROFDEF * * DOCDEF PROGDEF * * EJCODEF PRTNDEF * * EJDJDEF RQMDEF * * ENQMDEF SESDEF * * FENODDEF TCPDEF * * FEPOODEF TDQDEF * * FEPRODEF TERMDEF * * FETRGDEF TRANDEF * * FILEDEF TRNCLDEF * * IPCONDEF TSMDEF * * JRNMDEF TYPTMDEF * * JVMSVDEF URIMPDEF * * LIBDEF WEBSVDEF * * LSRDEF * **************************************************************** * RECOMMENDATION: This fix is being provided across all * * supported releases of CPSM as follows: * * * * - CPSM V4R1M0 - APAR PI79362 * * - CPSM V4R2M0 - APAR PI79362 * * - CPSM V5R1M0 - APAR PI79774 * * - CPSM V5R2M0 - APAR PI79774 * * - CPSM V5R3M0 - APAR PI79774 * * * * After applying the PTF that resolves this * * APAR, all CMASes must be recycled to pick * * up the new code. Note that CMASes do not * * need to be brought down and restarted at * * the same time. * **************************************************************** When you retrieve the BAS resource definitions through WUI, CPSM API or CICS Explorer, method EYU0BAGQ ( BAGQ - BAS Frontend Data Repository Get ) is driven to get requested definitions from the data repository. Prior to the execution of BAGQ, method EYU0CRCK ( CRCK - Access Authority Checking ) is called to check if the user has authority to execute the requested service. CRCK calls method EYU0XLML to build main XLXS and alternative XLXS. Based on the XLXSes, CRCK populates the profile name, and passes it along with other information to RACF for security check. Due to a previous change for APAR PI66814 (CPSM 5.1 and 5.2) and APAR PI66792 (CPSM 5.3), CRCK might populate an incorrect profile name, which causes the failure of RACF security check.
Problem conclusion
Module EYU0CRCK has been updated to populate correct profile name for BAGQ services.
Temporary fix
Comments
APAR Information
APAR number
PI79774
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
80M
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-11
Closed date
2017-05-08
Last modified date
2017-06-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI47079 UI47080 UI47081 PI83342
Modules/Macros
EYU0CRCK EYU0XDOX EYU9BAP3 EYU9BAP4 EYU9BAP6 EYU9BAPU EYU9BAR3 EYU9BAR4 EYU9BAR6 EYU9BARU
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R00M PSY UI47081
UP17/05/15 P F705 {
R80M PSY UI47079
UP17/05/15 P F705 {
R90M PSY UI47080
UP17/05/15 P F705 {
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
20 June 2017