A fix is available
APAR status
Closed as program error.
Error description
Customer's application issues many EXEC CICS Query Security commands with the LOGMESSAGE(NOLOG) option specified so that security violation messages will not be produced. For example message BST120I being written to the console log and possisbly message DFHXS1111 being written to CICS logs. . These security violation messages are not true violations as a user is not truly trying to access a resource. The query security command is simply making a determination if a user is or is not ABLE to access a resource. . Hundreds to thousands of messages can be produced in this manner and many customers may not wish to have them logged for the reason given above. . The Basic Security Manager (BSM) is being used in this scenario. It was discovered that the BSM does not currently support message suppression. APARs DY46880 (z/VSE 3.1) and DY46812 (z/VSE 4.1) will supply the capability within the BSM. It will require CICS to pass MSGSUPP=YES on the associated RACROUTE call to cause the messages to be suppressed. . . Additional Symptom(s) Search Keyword(s):KIXREVJXD
Local fix
Apply appropriate VSE APAR mentioned above and request usermod DFHXSS.VSERLF from CICS support.
Problem summary
**************************************************************** * USERS AFFECTED: ALL * **************************************************************** * PROBLEM DESCRIPTION: LOGMESSAGE(NOLOG) option of QUERY * * SECURITY fails to suppress Basic * * Security Manager messages when * * querying an external resource. * **************************************************************** * RECOMMENDATION: * **************************************************************** A Customer's application issues many EXEC CICS QUERY SECURITY commands, against an external resource, with the LOGMESSAGE(NOLOG) option. However, the request to suppress security messages is not being honored. Instead the VSE console contains many BST120I messages, each of which details a resource that had been the target of a QUERY SECURITY command. The lack of message suppression is due to there being no support for it in either CICS or z/VSE 3.1.1 or higher. For CICS, the RACROUTE call used to invoke the security manager did not request log message suppression. For z/VSE 3.1.1 or higher, the Basic Security Manager was found not to support this option, even when specified. That omission was corrected by the following VSE PTFs:- UD53333 ( APAR DY46880 ) - z/VSE V3.1 UD53271 ( APAR DY46812 ) - z/VSE V4.1 Additional Keyword: DFHXSS BSM msgBST120I
Problem conclusion
Module DFHXSSC has been amended. The MSGSUP=YES option has been added to the RACROUTE call used when log message suppression has been requested.
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PK63063
Reported component name
CICSTS FOR VSE
Reported component ID
564805400
Reported release
B0P
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-03-20
Closed date
2008-05-30
Last modified date
2008-11-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK36931
Modules/Macros
DESXSSC DFHXSSC
Fix information
Fixed component name
CICSTS FOR VSE
Fixed component ID
564805400
Applicable component levels
RB0P PSY UK36931
UP08/05/30 P E420
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
10 November 2008