A fix is available
APAR status
Closed as program error.
Error description
Within an IPIC enviornment, with USERAUTH coded to IDENTIFY or VERIFY, a security violation detected against a requesting userid will result in message DFHIS1027 being issued to report a security violation against the CICS region default userid. The security violation (in this case) is expected because the requesting userid does not have access to the transaction trying to be run. However, the DFHIS1027 message is reporting the violation against the CICS default userid. The DFHIS1027 message should report the userid that actually experienced the violation . ADDITIONAL KEYWORDS: MSGDFHIS1027 initialize_receiver add_user_without_password add_user add user without password set_user_token set token primary_client_init primary init usxm_init usxm sec_violation_detected sec detected . KIXREVDAM
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users * **************************************************************** * PROBLEM DESCRIPTION: IPIC security violation message * * DFHIS1027 reports the wrong userid. * **************************************************************** * RECOMMENDATION: * **************************************************************** The userid reported in the DFHIS1027 message is the transaction's userid. However, the security violations being reported by this message occur before the transaction switches to use the input userid, so at attach time this message is issued, the transaction is still running with the default userid. This means that the userid reported in the DFHIS1027 message is not userid that failed the security check.
Problem conclusion
The code has been changed to save the input userid, if supplied, and to report this in the DFHIS1027 message instead, as this will be the userid that failed the security check. If no userid was supplied or can be obtained, then '????????' will be displayed. In the CICS Transaction Server for z/OS Version 3 Release CICS Supplementary Data Areas manual, GC34-6864-02,replace the following portion of the 'ISSB - IS Session Block' "Offset Type Len Name (dim) Description Hex (A0) FULLWORD 4 ISSB_MSG_SEQNO last msg sequence no. sent/received (A4) CHARACTER 2 ISSB_COMMAND conversation level command in progress (A6) UNSIGNED 2 ISSB_CHAIN_SEQ_S last chain sequence no. sent (A8) UNSIGNED 2 ISSB_CHAIN_SEQ_R last chain sequence no. received (AA) UNSIGNED 2 ISSB_CCSID client ccsid (0=no conversion) (AC) UNSIGNED 1 ISSB_CHAIN_COUNT no.of chain elems since pacing sent (AD) CHARACTER 0 ISSB_FIELDS_TAIL" with:- "Offset Type Len Name (dim) Description Hex (A0) FULLWORD 4 ISSB_MSG_SEQNO last msg sequence no. sent/received (A4) CHARACTER 2 ISSB_COMMAND conversation level command in progress (A6) UNSIGNED 2 ISSB_CHAIN_SEQ_S last chain sequence no. sent (A8) UNSIGNED 2 ISSB_CHAIN_SEQ_R last chain sequence no. received (AA) UNSIGNED 1 * (AB) UNSIGNED 1 ISSB_CHAIN_COUNT no.of chain elems since pacing sent (AC) UNSIGNED 2 ISSB_CCSID client ccsid (0=no conversion -1=use CLINTCP) (B0) CHARACTER 10 ISSB_INPUT_USERID userid received in is8 (BA) CHARACTER 0 ISSB_FIELDS_TAIL"
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM23147
Reported component name
CICSTS V3 Z/OS
Reported component ID
5655M1500
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-09-23
Closed date
2010-12-29
Last modified date
2011-01-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PM27255 UK63543
Modules/Macros
DESISAL DESISCO DESISDM DESISDUF DESISEM DESISIC DESISIF DESISIS DESISRE DESISRR DESISSR DESISST DESISTRI DESISUE DESISUOW DESISXM DESISZA DFHISAL DFHISALA DFHISALM DFHISALT DFHISBU DFHISCO DFHISCOA DFHISCOM DFHISCOP DFHISCOT DFHISCU DFHISDCC DFHISDM DFHISDUF DFHISEM DFHISEMA DFHISEMM DFHISEMP DFHISEMT DFHISIC DFHISICA DFHISICM DFHISICT DFHISIS DFHISISA DFHISISM DFHISIST DFHISJU DFHISRE DFHISREA DFHISREM DFHISRET DFHISRR DFHISRRA DFHISRRM DFHISRRP DFHISRRT DFHISSR DFHISSRA DFHISSRM DFHISSRT DFHISST DFHISTRI DFHISUE DFHISXM DFHISZA DFHISZAA DFHISZAM DFHISZAT
GC34686402 |
Fix information
Fixed component name
CICSTS V3 Z/OS
Fixed component ID
5655M1500
Applicable component levels
R500 PSY UK63543
UP10/12/31 P F012
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
14 January 2011