Fixes are available
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
If a user is mapped as the runAs role for an application, it should not be possible to remove them from the corresponding requisite security role for that application. Currently the console prevents this from happening by performing a check each time a user or group is mapped to or from a security role; however, it does not perform a check when a Special Subject mapping is removed. If the runAs role user is implicitly mapped to the security role through a Special Subject, and that Special Subject mapping is removed, this puts the applicable into an unusable state.
Local fix
Manually verify that the RunAs user is also mapped to an application security role.
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server using the administrative console to * * manage applications with roles and runAs * * roles. * **************************************************************** * PROBLEM DESCRIPTION: Administrator is able to set special * * subjects to none when users in roles * * are still mapped to runAs roles. * **************************************************************** * RECOMMENDATION: * **************************************************************** RunAs roles are no good when user is removed from role and special subjects is set to non on Map User to Roles application panel.
Problem conclusion
Checked for users still mapped to runAs roles before allowing special subjects to be set to none. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.4. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI16046
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-04-15
Closed date
2014-08-18
Last modified date
2014-08-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
28 April 2022