PK91639: CISX GET SECURITY VIOLATION MESSAGE DFHIS1027

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• MSG DFHIS1027 occurs when the recover/resync transaction CISX
  flows to CICS. This indicates a security violation due to
  remote attach request for tran CISX does not have a userid.
  Hence the attach of the recover/resync transaction fails to
  execute.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: Using an IPIC connection with Userauth  *
  *                      Identify causes DFHIS1027 for           *
  *                      transaction CISX.                       *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  DFHISIS recovery/resync has a remote attach request for CISX
  but without a userid for Userauth Identify and without a userid
  and password for Userauth Verify. As authorization has been
  requested the security check fails with msgDFHIS1027. CISX
  should not require authorization.
  

Problem conclusion

• DFHISIS has been changed to exclude CISX from security checking.
  DFH$CAT1 and DFHXSRC have been changed to include CISX as a
  category 1 transaction. A category 1 transaction is never
  associated with a terminal and CICS checks that the region
  userid has authority to attach these transactions.
  
  The CICS Transaction Server for z/OS Version 3 Release 2
  RACF Security Guide SC34-6835-01 will be updated to include
  CISX as a category 1 transaction in table 15 page 141 as
  follows:
  
  Transaction Program   CSD Group Security Description
                                  category
  CISX        DFHISREX  DFHISCIP  1        IPCONN recovery and
                                           resynchronization
                                           transaction for XA
                                           clients
  
  The CICS Transaction Server for z/OS Version 3 Release 2
  Migration from CICS TS Version 1.3 GC34-6855-02 will be
  updated to add CISX in the Additions to CICS RACF category 1
  transactions on page 35.
  
  The CICS Transaction Server for z/OS Version 3 Release 2
  Migration from CICS TS Version 2.2 GC34-6856-02 will be
  updated to add CISX in the Additions to CICS RACF category 1
  transactions on page 28.
  
  The CICS Transaction Server for z/OS Version 3 Release 2
  Migration from CICS TS Version 2.3 GC34-6857-02 will be
  updated to add CISX in the Additions to CICS RACF category 1
  transactions on page 27.
  
  The CICS Transaction Server for z/OS Version 3 Release 2
  Migration from CICS TS Version 3.1 GC34-6858-02 will be
  updated to add CISX in the Additions to CICS RACF category 1
  transactions on page 20.
  
  The CICS Transaction Server for z/OS Resource Definition Guide
  Version 3.2 SC34-6815-02 will be updated to add CISX in
  Appendix B CICS Transactions Supplied by IBM on page 630.
  
  Transaction Program   CSD Group Security Description
                                  category
  CISX        DFHISREX  DFHISCIP  1        IPCONN recovery and
                                           resynchronization
                                           transaction for XA
                                           clients
  
  The CICS Transaction Server for z/OS CICS Supplied Transactions
  Version 3.2 SC34-6817-01 will be updated to add CISX in
  Appendix. List of CICS transactions on page 567.
  
  Transaction Program   CSD Group Security Description
                                  category
  CISX        DFHISREX  DFHISCIP  1        IPCONN recovery and
                                           resynchronization
                                           transaction for XA
                                           clients
  

Temporary fix

• FIX AVAILABLE BY PTF ONLY
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  PK93720 UK51540

Modules/Macros

•    DESISIS  DESXSRC  DESXSUT  DFH$CAT1 DFHISIS
  DFHXSRC
  

Fix information

• Fixed component name

  CICSTS V3 Z/OS

• Fixed component ID

  5655M1500

Applicable component levels

• R500 PSY UK51540

     UP09/11/03 P F911

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.