A fix is available
APAR status
Closed as program error.
Error description
In CICS 5.4, the CPSM MAS agent tasks were converted from user tasks to CICS Category 1 system tasks. CICS already checks during its startup to make sure that the CICS region userid has sufficient authority in RACF (or the current External Security Manager) to run all Category 1 transactions. Because of this, CPSM no longer needs to duplicate the efforts when the MAS agent code starts. . Additional Symptom(s) Search Keyword(s): KIXREVxxx
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICSPlex SM V5R4M0 Users. * **************************************************************** * PROBLEM DESCRIPTION: One or more EYUNX0102E messages may be * * issued during the start of the CPSM * * agent in a MAS or SMSS region, * * indicating that the security definition * * for one or more CPSM transactions is * * incorrect. The text of the messages * * will be similar to the following: * * * * EYUNX0102E Security profile for * * TRANSATTACH <tranid> is * * incorrect: * * READ=NOTREADABLE. * * * * If this occurs, the messages will be * * followed by message EYUNX0103E, * * * * EYUNX0103E Incorrect security * * profile for one or more * * resources. MAS * * initialization is * * terminating. * * * * and CPSM agent initialization will * * terminate. * **************************************************************** * RECOMMENDATION: After applying the PTF that resolves this * * APAR, all MASes, including MASes running as * * WUI servers, must be restarted. Note that * * the restarts do not need to occur at the * * same time. * **************************************************************** When the CPSM agent initializes in a MAS or SMSS, module EYU9NXLM (MAS) or EYU9NXRM (SMSS) is performing security checks to verify that the CPSM transactions that are internally started have the correct authorization. This check is against the PLTPIUSR ID (if specified) or the region user ID. With CICS TS V5.4, all CPSM agent transactions that are internally started in a MAS and SMSS that is running CICS 710 have been changed to CICS Category 1 transactions, and will run under the region user ID. If PLTPIUSR is specified for a MAS or SMSS region running CICS 710, and that user ID does not have the same authorization as the region user ID, then EYU9NXLM or EYU9NXRM may invalidly issue message EYUNX0102E for each transaction, and fail CPSM agent initialization with message EYUNX0103E.
Problem conclusion
With CICS TS V5.4, the CPSM MAS and SMSS transactions that are now defined as CICS Category 1 transactions are now subject to authorization checking performed by CICS at region start up so there is no need for CPSM to perform authorization checks for them in EYU9NXLM and EYU9NXRM when the MAS or SMSS is running CICS release 710. As such, the following updates have been made: - Since a CPSM MAS running CICS TS V5.4 could be running CICS 710 or previous, a conditional check has been added to EYU9NXLM to only perform CPSM transaction authorization checking if the CICS release is 700 or lower. - Since a CPSM SMSS running CICS TS V5.4 must be running CICS 710, the CPSM transaction authorization checking has been removed from EYU9NXRM. Note that when the MAS or SMSS is running CICS 710, and the CICS authorization checking for CPSM MAS or SMSS transactions fails, CICS will issue messages DFHXS1111 and DFHXS1113 to document this and fail region initialization.
Temporary fix
Comments
APAR Information
APAR number
PI85774
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
10M
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / CST / Xsystem
Submitted date
2017-08-10
Closed date
2017-10-17
Last modified date
2017-11-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI51214
Modules/Macros
CJF9NXLM CJG9NXLM CJH9NXLM EYU9NXLM EYU9NXRM EYUE3516 EYUK3516 EYUS3516
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R10M PSY UI51214
UP17/10/20 P F710
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
08 November 2017