IBM Support

PI83342: CPSM SECURITY CHECKS ON INCORRECT RESOURCE NAME AFTER PTF APPLIED 17/06/20 PTF PEREMOVE

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • You apply one of the following PTFs to your CPSM environment:
.
Release    PTF        APAR
4.1        UI40460    PI66813
4.2        UI40461    PI66813
5.1        UI40462    PI66814
5.2        UI40463    PI66814
5.3        UI40464    PI66792
.
Afterward, you find security checks being made for the wrong
resource names. For example, you retrieve definitions for
transactions. That should generate a check against resource
BAS.DEF.xxxxx but instead it generates one for BAS.TRAN.xxxxxx.
This may result in RACF violations against the new resource
names.
.
The BAS.TRAN.xxxxx or BAS.FILE.xxxxx type resource names, with
a resource type in the second node, is only supposed to be used
for installing the resources, not viewing them. The
BAS.DEF.xxxxxx resource name is what CPSM should be checking
when they are viewed.
.
Additional Symptom(s) Search Keyword(s): KIXREVSVR

Local fix

  • Temporarily permit RACF access.

Problem summary

  • ****************************************************************
* USERS AFFECTED: All CICSPlex SM V5R4M0 Users                 *
****************************************************************
* PROBLEM DESCRIPTION: You might not be able to retrieve the   *
*                      following resource definitions through  *
*                      WUI, CPSM Explorer or CPSM GET API, due *
*                      to security check failure:              *
*                                                              *
*                      ATOMDEF         MAPDEF                  *
*                      BUNDDEF         MQCONDEF                *
*                      CONNDEF         PARTDEF                 *
*                      DB2CDEF         PIPEDEF                 *
*                      DB2EDEF         PROCDEF                 *
*                      DB2TDEF         PROFDEF                 *
*                      DOCDEF          PROGDEF                 *
*                      EJCODEF         PRTNDEF                 *
*                      EJDJDEF         RQMDEF                  *
*                      ENQMDEF         SESDEF                  *
*                      FENODDEF        TCPDEF                  *
*                      FEPOODEF        TDQDEF                  *
*                      FEPRODEF        TERMDEF                 *
*                      FETRGDEF        TRANDEF                 *
*                      FILEDEF         TRNCLDEF                *
*                      IPCONDEF        TSMDEF                  *
*                      JRNMDEF         TYPTMDEF                *
*                      JVMSVDEF        URIMPDEF                *
*                      LIBDEF          WEBSVDEF                *
*                      LSRDEF          MQMONDEF                *
****************************************************************
* RECOMMENDATION: After applying the PTF that resolves this    *
*                 APAR, all CMASes must be recycled to pick    *
*                 up the new code.  Note that CMASes do not    *
*                 need to be brought down and restarted at     *
*                 the same time.                               *
****************************************************************
When you retrieve the BAS resource definitions through WUI, CPSM
API or CICS Explorer, method EYU0BAGQ ( BAGQ - BAS Frontend Data
Repository Get ) is driven to get requested definitions from the
data repository.

Prior to the execution of BAGQ, method EYU0CRCK ( CRCK - Access
Authority Checking ) is called to check if the user has
authority to execute the requested service. CRCK calls method
EYU0XLML to build main XLXS and alternative XLXS. Based on the
XLXSes, CRCK populates the profile name, and passes it along
with other information to the external security manager for
checking.

CRCK might populate an incorrect profile name, which can result
in invalid results from the external security manager
processing.

Problem conclusion

  • Module EYU0CRCK has been updated to populate correct profile
name for BAGQ services.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI83342
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    10M
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    YesHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-06-20
    • 

  • Closed date
    2017-09-05
    • 

  • Last modified date
    2017-10-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PI79774
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI50068
    

    • 



Modules/Macros


    

  • EYU0CRCK

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R10M  PSY  UI50068
       UP17/09/08  P  F709  ¢
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 October 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback