Release notes

IBM® Security zSecure Manager for RACF z/VM 2.5.1 is available. Read this document to find important installation information. You can also learn about compatibility issues, limitations, and known problems.

For information about the new features for zSecure Manager for RACF® z/VM® 2.5.1, see What's new.

All zSecure Manager for RACF z/VM publications are now publicly available through zSecure Manager for RACF z/VM on IBM Documentation. For details about the zSecure Manager for RACF z/VM publications, see zSecure Manager for RACF z/VM library.

If you are upgrading from a version of zSecure Manager for RACF z/VM that is older than 1.11.2, also see the Release notes for the versions that you skipped for zSecure Manager for RACF z/VM.

This document consists of the following sections:

Announcement

The zSecure Manager for RACF z/VM 2.5.1 announcement includes information about the following topics:
  • Description
  • Technical information
  • Ordering information
  • Terms and conditions

System requirements

zSecure Manager for RACF z/VM requires an IBM Z server that is capable of supporting IBM z/VM 7.1, or later. For program and space requirements, DASD storage and user ID requirements, see the Program Directory.

Installation

For installation instructions, see the Program Directory.

For a complete installation roadmap on all steps to install, configure, and deploy a new installation of or an upgrade to zSecure Manager for RACF z/VM 2.5.1, see the zSecure Manager for RACF z/VM Installation and Deployment Guide.

All zSecure Manager for RACF z/VM publications are available with the product and at the IBM Documentation for zSecure Manager for RACF z/VM.

Incompatibility warnings

PROTECTED_ZVM was removed
The PROTECTED_ZVM variable was removed from the C2RXDEF1 include member. PROTECTED_ZVM was the equivalent of the PROTECTED variable for RACF for z/VM databases. You can now use the built-in field PROTECTED for both z/VM and z/OS®.
Multi-line mixed SBCS/DBCS strings
With previous versions of the CARLa Command Language, within a string literal crossing a line boundary, if a line ended with a shift-in character and an optional space, and if the next line started with a shift-out character, the shift-in character, optional space, and shift-out character were trimmed away by the parser. This trimming behavior has been extended as follows.

Within a string literal crossing a line boundary, if a continuation line starts with a shift-out (SO) character, optionally preceded by SBCS (Single-byte Character Set) space characters, lines immediately preceding this line are trimmed away if they entirely consist of SBCS spaces. Trailing SBCS spaces in the line before these blank lines, if any, are trimmed away as well. If the trimmed line ends with a shift-in (SI) character and the continuation line starts with an SO character, these SI and SO characters are trimmed away, too.

For more information, see Syntax rules in zSecure CARLa Command Reference.

Show differences
To make it easier to use Show differences, an allocation (ALLOC statement) with FUNCTION=BASE that has no VERSION specified, will now automatically be set to VERSION=BASE. This can affect how CKFREEZE files are matched with security databases.
TYPE=TRUSTED field USERID_PRIVILEGE
For the USERID_PRIVILEGE field in the TRUSTED newlist, the value Operation has changed to Operations. If you have written your own TRUSTED queries, you might need to adjust the SELECTion.
Using SUMMARY CARLa function, fixed values are repeated for each level of output
As a result of this code change, literal values are no longer repeated on each summary level, but are only included on the level were they are used in the code.
One UNLOAD allocation allowed per complex-version combination
zSecure Manager for RACF z/VM now supports only one security database source per complex name. Use different complex names for different security databases or single UNLOAD statements.
NEWLIST TYPE=RACF field TUPT
The default width for field TUPT increased by 1 (one) to accommodate an 8-character TSO user prefix.
Using RECREATE CARLa members in locally developed scripts
CARLa members in SCKRCARL for the RECREATE functions in zSecure Manager for RACF z/VM have changed. If you include members starting with CKRXC or CKRXR in your locally developed CARLa scripts or batch jobs, be aware of changes in these members.

The newlist names that are used to select profiles in CKRXRACR have changed from DACL and RACL to REFRSEL. CKRXCRE and CKRXCREE now require a defined field RECREATE_CLASS instead of NEW_CLASS, to align with the RECREATE_KEY field.

CKRXRRE and CKRXRREE have the same support to specify the class name externally, so RECREATE_CLASS must be defined before including these members in your CARLa job.

When you recreate profiles to the same class, add the following line to your calling CARLa program: 
DEFINE RECREATE_CLASS(8) AS CLASS
When you copy profiles to the another class, add the following line to your calling CARLa program, where newclass is the destination class name: 
DEFINE RECREATE_CLASS(8,HDR$BLANK,"newclass") TRUE

Migration consideration

The recommendation is that the production disk not be in SFS. For other program installation and service considerations, see the Program Directory.

Limitations and known problems

At the time of publication of this document, no problems exist. Limitations and problems that arise after publication are documented in technotes. Therefore, regularly scan for updates on zSecure Manager for RACF z/VM at IBM's Search support and downloads site.

You might also want to scan the recommended fixes for zSecure Manager for RACF z/VM at IBM Support. Some of these fixes introduce new functions and features.