A fix is available
APAR status
Closed as program error.
Error description
This APAR has been taken to back port the new RACFSYNC capability, introduced in CICS TS 5.1, to both CICS TS 4.1 and CICS TS 4.2. . Without this capability, it is possible for the z/OS Dispatcher to enter into a spin loop due to an excessive number of SRBs created for ENF 71 notification caused by a massive number of userid group profile changes made at once (possibly by a batch job for example). Note: The RACF notification was introduced in z/OS V1.11. You will receive the DFHUS0100 message when you have RACFSYNC=YES specified in a CICS region running under z/OS V1.10 or earlier. You are encouraged to code RACFSYNC=NO in the SIT after you apply the PTFs for APAR PI22267 if you are running with z/OS V1.10. Afterwards, you will no longer receive message DFHUS0100 and dump. Additional Symptom(s) Search Keyword(s): KIXREVDAM
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All * **************************************************************** * PROBLEM DESCRIPTION: APAR to add RACFSYNC system * * initialization parameter into CICS TS * * 4.1 and CICS TS 4.2. * **************************************************************** * RECOMMENDATION: * **************************************************************** This APAR adds support for the RACFSYNC system initialization parameter into CICS TS 4.1 and CICS TS 4.2. Support for this parameter was added in CICS TS 5.1. This APAR will also ensure that the mechanism to listen for type 71 ENF notifications is completely disabled when RACFSYNC=NO is specified.
Problem conclusion
CICS has been changed to support a new System initialization parameter named RACFSYNC. Setting RACFSYNC=NO will disable the CICS function which listens for type 71 ENF events. The default value is RACFSYNC=YES. The CICS Transaction Server for z/OS Version 4 Release 1 Data Areas ( GC34701403 ) will be updated in table 536 ( SIT system initialisation table ) at offset X'F5' as follows :- Offset Hex Type Len Name (dim) Description (F5) ..1. .... SITRFSNO RACFSYNC=NO The CICS Transaction Server for z/OS Version 4 Release 1 System Defininition Guide ( SC34699902 ) will be updated in Chapter 16 ( Specifying CICS system initialization parameters ) in Table 12 ( System initialization parameters with override options and default settings ) with the following new entry :- Parameter PARM SYSIN System console DFHSIT Default Description RACFSYNC YES YES NO YES YES Listen for type 71 ENF events The following new entry will be added to the same chapter of the System Defininition Guide after the entry for QUESTIM :- RACFSYNC The RACFSYNC system initialization parameter specifies whether CICS listens for type 71 ENF events. RACFSYNC={YES|NO} RACF sends a type 71 ENF signal to listeners when a CONNECT, REMOVE, or REVOKE command changes a user's resource authorization. When CICS receives a type 71 ENF event for a user ID, all cached user tokens for the user ID are invalidated, irrespective of the setting of the USRDELAY parameter. Subsequent requests from that user ID force a full RACF RACROUTE VERIFY request, which results in a refresh of the user's authorization level. User tokens for tasks that are currently running are not affected. Note: Specify the RACFSYNC=NO parameter only under direction from IBM Service. YES CICS listens for type 71 ENF events. NO CICS does not listen for type 71 ENF events. Restrictions: You can specify the RACFSYNC parameter only in the system initialization table (SIT), the PARM parameter of the EXEC PGM=DFHSIP statement, or the SYSIN data set. The CICS Transaction Server for z/OS Version 4 Release 1 Upgrading from CICS TS Version 3.2 ( GC34699803 ) will be updated in Chapter 19 ( Security updates to monitor RACF Event Notifications (ENF) ) with the following appended to the end of the chapter :- If you do not want CICS to monitor for RACF type 71 ENF events, that is, how CICS behaved in releases before CICS TS for z/OS, Version 4.1, you can use the new RACFSYNC system initialization parameter to specify this behavior. Use this parameter only under direction from IBM Service, and only as an aid to migration. RACFSYNC={YES|NO} RACF sends a type 71 ENF signal to listeners when a CONNECT, REMOVE, or REVOKE command changes a user's resource authorization. When CICS receives a type 71 ENF event for a user ID, all cached user tokens for the user ID are invalidated, irrespective of the setting of the USRDELAY parameter. Subsequent requests from that user ID force a full RACF RACROUTE VERIFY request, which results in a refresh of the user's authorization level. User tokens for tasks that are currently running are not affected. Note: Specify the RACFSYNC=NO parameter only under direction from IBM Service. YES CICS listens for type 71 ENF events. NO CICS does not listen for type 71 ENF events. Restrictions: You can specify the RACFSYNC parameter only in the system initialization table (SIT), the PARM parameter of the EXEC PGM=DFHSIP statement, or the SYSIN data set. The CICS Transaction Server for z/OS Version 4 Release 2 Data Areas ( GC34716300 ) will be updated in table 555 ( SIT system initialisation table ) at offset X'F5' as follows :- Offset Hex Type Len Name (dim) Description (F5) ..1. .... SITRFSNO RACFSYNC=NO The CICS Transaction Server for z/OS Version 4 Release 2 System Defininition Guide ( SC34718501 ) will be updated in Chapter 15 ( Specifying CICS system initialization parameters ) in Table 10 ( System initialization parameters with override options and default settings ) with the following new entry :- Parameter PARM SYSIN System console DFHSIT Default Description RACFSYNC YES YES NO YES YES Listen for type 71 ENF events The following new entry will be added to the same chapter of the System Defininition Guide after the entry for QUESTIM :- RACFSYNC The RACFSYNC system initialization parameter specifies whether CICS listens for type 71 ENF events. RACFSYNC={YES|NO} RACF sends a type 71 ENF signal to listeners when a CONNECT, REMOVE, or REVOKE command changes a user's resource authorization. When CICS receives a type 71 ENF event for a user ID, all cached user tokens for the user ID are invalidated, irrespective of the setting of the USRDELAY parameter. Subsequent requests from that user ID force a full RACF RACROUTE VERIFY request, which results in a refresh of the user's authorization level. User tokens for tasks that are currently running are not affected. Note: Specify the RACFSYNC=NO parameter only under direction from IBM Service. YES CICS listens for type 71 ENF events. NO CICS does not listen for type 71 ENF events. Restrictions: You can specify the RACFSYNC parameter only in the system initialization table (SIT), the PARM parameter of the EXEC PGM=DFHSIP statement, or the SYSIN data set. The CICS Transaction Server for z/OS Version 4 Release 2 Upgrading from CICS TS Version 3.2 ( GC34718902 ) will be updated in Chapter 29 ( Security updates to monitor RACF Event Notifications (ENF) ) with the following appended to the end of the chapter :- If you do not want CICS to monitor for RACF type 71 ENF events, that is, how CICS behaved in releases before CICS TS for z/OS, Version 4.1, you can use the new RACFSYNC system initialization parameter to specify this behavior. Use this parameter only under direction from IBM Service, and only as an aid to migration. RACFSYNC={YES|NO} RACF sends a type 71 ENF signal to listeners when a CONNECT, REMOVE, or REVOKE command changes a user's resource authorization. When CICS receives a type 71 ENF event for a user ID, all cached user tokens for the user ID are invalidated, irrespective of the setting of the USRDELAY parameter. Subsequent requests from that user ID force a full RACF RACROUTE VERIFY request, which results in a refresh of the user's authorization level. User tokens for tasks that are currently running are not affected. Note: Specify the RACFSYNC=NO parameter only under direction from IBM Service. YES CICS listens for type 71 ENF events. NO CICS does not listen for type 71 ENF events. Restrictions: You can specify the RACFSYNC parameter only in the system initialization table (SIT), the PARM parameter of the EXEC PGM=DFHSIP statement, or the SYSIN data set.
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI22267
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-07-17
Closed date
2014-09-25
Last modified date
2016-02-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI21734 UI21735 UI21736 UI21737
Modules/Macros
CJCTNAGC DFHDMDM DFHDMDMT DFHPADUF DFHPAGP DFHPAIN DFHPAINT DFHPASY DFHSIT DFHSIT$$ DFHSIT6$ DFHUSDM DFHUSIS DFHUSIST EYUTNAGC EYUTNAGD
GC34701403 | GC34716300 | SC34699902 | SC34718501 | GC34699803 |
GC34718902 |
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
R60M PSY UI21735
UP14/10/08 P F410
R600 PSY UI21734
UP14/10/08 P F410
R70M PSY UI21737
UP14/10/09 P F410
R700 PSY UI21736
UP14/10/09 P F410
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
28 February 2016