IBM Support

PM27255: DFHIS1027 MESSAGE REPORTS SECURITY VIOLATION FOR WRONG USERID

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Within an IPIC enviornment, with USERAUTH coded to IDENTIFY
or VERIFY, a security violation detected against a requesting
userid will result in message DFHIS1027 being issued to report
a security violation against the CICS region default userid.
The security violation (in this case) is expected because the
requesting userid does not have access to the transaction trying
to be run. However, the DFHIS1027 message is reporting the
violation against the CICS default userid. The DFHIS1027 message
should report the userid that actually experienced the violation
.
ADDITIONAL KEYWORDS: MSGDFHIS1027 initialize_receiver
add_user_without_password add_user add user without password
set_user_token set token primary_client_init primary init
usxm_init usxm sec_violation_detected sec detected
.
KIXREVDAM

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All CICS Users                               *
****************************************************************
* PROBLEM DESCRIPTION: IPIC security violation message         *
*                      DFHIS1027 reports the wrong userid.     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The userid reported in the DFHIS1027 message is the
transaction's userid. However, the security violations being
reported by this message occur before the transaction
switches to use the input userid, so at attach time this
message is issued, the transaction is still running with the
default userid. This means that the userid reported in the
DFHIS1027 message is not userid that failed the security check.

    



Problem conclusion


    

  • The code has been changed to save the input userid,
if supplied, and to report this in the DFHIS1027 message
instead, as this will be the userid that failed the security
check. If no userid was supplied or can be obtained, then
'????????' will be displayed.


In the CICS Transaction Server for z/OS Version 4 Release 1
Supplementary Data Areas manual, GC34-7015-02, replace the
following portion of the 'ISSB - IS Session Block'

"Offset Type   Len  Name (dim)       Description
 Hex
(C0) ADDRESS   4   ISSB_SURROGATE_  Token for
                   TERMINAL_TOKEN   surrogate term
(C4) ADDRESS   4   ISSB_RESTART_    Addr of restart
                   DATA_PTR         data
(C8) FULLWORD  4   ISSB_RESTART_    Lengh of restart
                   DATA_LENGTH      data
(CC) ADDRESS   4   ISSB_RS_NEXT     next issb in
                                    remote sheduler
                                    chain
(D0) CHARACTER 8   ISSB_RS_TSQNAME  tsqname for a
                                    remote schedule
(D8) CHARACTER 3   ISSB_FUNCTION_   Function area of
                   AREA             request
(DB) CHARACTER 0   ISSB_FIELDS_TAIL"

 with -:

"Offset Type   Len  Name (dim)       Description
 Hex
(C0) ADDRESS   4   ISSB_SURROGATE_  Token for
                   TERMINAL_TOKEN   surrogate term
(C4) ADDRESS   4   ISSB_RESTART_    Addr of restart
                   DATA_PTR         data
(C8) FULLWORD  4   ISSB_RESTART_    Lengh of restart
                   DATA_LENGTH      data
(CC) ADDRESS   4   ISSB_RS_NEXT     next issb in
                                    remote sheduler
                                    chain
(D0) CHARACTER 8   ISSB_RS_TSQNAME  tsqname for a
                                    remote schedule
(D8) CHARACTER 3   ISSB_FUNCTION_   Function area of
                   AREA             request
(DB) CHARACTER 10  ISSB_INPUT_      userid received
                   USERID           in is8
(E5) CHARACTER 0   ISSB_FIELDS_TAIL"

    



Temporary fix


    

  • FIX AVAILABLE BY PTF ONLY

    



Comments


    

  • 



APAR Information




    

  • APAR number
    PM27255
    • 

  • Reported component name
    CICS TS Z/OS V4
    • 

  • Reported component ID
    5655S9700
    • 

  • Reported release
    600
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2010-11-22
    • 

  • Closed date
    2011-01-13
    • 

  • Last modified date
    2011-02-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PM23147
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK63945
    

    • 



Modules/Macros


    

  •    DESISAL  DESISCO  DESISDM  DESISDUF DESISEM
DESISIC  DESISIF  DESISIS  DESISRE  DESISRR  DESISRS  DESISSR
DESISST  DESISTRI DESISUE  DESISUOW DESISXM  DESISZA  DFHISAL
DFHISALA DFHISALM DFHISALT DFHISBU  DFHISCO  DFHISCOA DFHISCOM
DFHISCOP DFHISCOT DFHISCU  DFHISDCC DFHISDCD DFHISDM  DFHISDUF
DFHISEM  DFHISEMA DFHISEMM DFHISEMP DFHISEMT DFHISIC  DFHISICA
DFHISICM DFHISICT DFHISIS  DFHISISA DFHISISM DFHISIST DFHISJU
DFHISRE  DFHISREA DFHISREM DFHISRET DFHISRR  DFHISRRA DFHISRRM
DFHISRRP DFHISRRT DFHISRS  DFHISSR  DFHISSRA DFHISSRM DFHISSRT
DFHISST  DFHISTRI DFHISUE  DFHISXM  DFHISZA  DFHISZAA DFHISZAM
DFHISZAT

    




Publications Referenced


GC34701502    





Fix information


    

  • Fixed component name
    CICS TS Z/OS V4
    • 

  • Fixed component ID
    5655S9700
    • 



Applicable component levels


    

  • R600  PSY  UK63945
       UP11/01/19  P  F101
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            01 February 2011
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback