A fix is available
APAR status
Closed as program error.
Error description
Loop in CKROUACC.CONNAUTH when a group ownership loop exists in the RACF database. This loop can also occur when using a zSecure Unload as input, if the original RACF DB contains such a group ownership loop.
Local fix
Correct group ownership loop.
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Audit and Access Monitor * * processing RACF data with profile group * * ownership loop(s). * **************************************************************** * PROBLEM DESCRIPTION: zSecure Audit and Access Monitor * * (reporting function) might go into an * * infinite loop in cases where RACF data * * being processed have profile group * * ownership loop(s). * **************************************************************** * RECOMMENDATION: Apply the PTF provided. * **************************************************************** When RACF profile group ownership loop(s) exist(s) in the RACF data being processed, the zSecure Audit and Access Monitor might enter an infinite loop while processing Access Monitor reports or User IDs/groups reports (newlist type ID). Also, the VERIFY GROUPTREE command does not detect loops for the SYS1 group.
Problem conclusion
zSecure Audit and Access Monitor have been modified so that loops in the group ownership structure in the RACF data do not cause the program to enter an infinite loop. The VERIFY GROUPTREE command processing has been also modified so that it reports group ownership loops the SYS1 group.
Temporary fix
Comments
APAR Information
APAR number
OA60440
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
240
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-11-05
Closed date
2020-11-20
Last modified date
2020-12-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ04428
Modules/Macros
CKROUACC CKROUID CKRPRMSG CKRVGRP GKROUACC GKROUID GKRPRMSG GKRVGRP
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
R240 PSY UJ04428
UP20/11/24 P F011
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240"}]
Document Information
Modified date:
02 December 2020