PH40294: EXEC CICS QUERY SECURITY IS INCORRECTLY SETTING UXPPHASE IN CICS INSTALLATION DATA (DFHXSUXP)

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• CICS change team identified the defect.
  DFHXSRC now performs an optimised resource check for the QUERY
  SECURITY command. There is code which is incorrectly changing
  the TRANSATTACH check into the normal transaction Attach Check
  performed when a task starts.
  This special code for TRANSATTACH should only be in the
  non-optimised path in DFHXSRC. The optimised path should always
  be processed as a Query.
  In this case, UXPPHASE was set to USER_ATTACH_CHECK EQU x'40'
  instead of the expected USER_QUERY_CHECK EQU   X'70'
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS users.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: When an EXEC CICS QUERY SECURITY        *
  *                      command runs, if it drives RACF exit    *
  *                      ICHRFX04, the exit finds the UXPPHASE   *
  *                      value is USER_ATTACH_CHECK (x'40')      *
  *                      instead of USER_QUERY_CHECK (x'70').    *
  ****************************************************************
  A menu application uses an EXEC CICS QUERY SECURITY command to
  determine whether users have a transaction available to them.
  
  EXEC CICS QUERY SECURITY
  RESTYPE ('TRANSATTACH ')
  RESID ('TRA1')
  LOGMESSAGE (55)
  READ (0)
  
  The RACF exit ICHRFX04 is enabled and runs as part of the
  RACROUTE REQUEST=FASTAUTH command that CICS uses to perform the
  security check.  The exit can rely upon the UXPPHASE value in
  the CICS installation data being USER_QUERY_CHECK (x'70').
  
  However instead of being x'70' the UXPPHASE value is
  USER_ATTACH_CHECK (x'40').  In this case the exit may not
  perform its required processing or return the expected result.
  

Problem conclusion

• DFHXSRC has been changed to ensure that UXPPHASE is
  USER_QUERY_CHECK (x'70') for an EXEC CICS QUERY SECURITY
  command.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI78264 UI78265

Modules/Macros

• DFHXSRC
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R200 PSY UI78264

     UP21/11/30 P F111

• R300 PSY UI78265

     UP21/11/30 P F111

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.