A fix is available
APAR status
Closed as program error.
Error description
CICS change team identified the defect. DFHXSRC now performs an optimised resource check for the QUERY SECURITY command. There is code which is incorrectly changing the TRANSATTACH check into the normal transaction Attach Check performed when a task starts. This special code for TRANSATTACH should only be in the non-optimised path in DFHXSRC. The optimised path should always be processed as a Query. In this case, UXPPHASE was set to USER_ATTACH_CHECK EQU x'40' instead of the expected USER_QUERY_CHECK EQU X'70'
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users. * **************************************************************** * PROBLEM DESCRIPTION: When an EXEC CICS QUERY SECURITY * * command runs, if it drives RACF exit * * ICHRFX04, the exit finds the UXPPHASE * * value is USER_ATTACH_CHECK (x'40') * * instead of USER_QUERY_CHECK (x'70'). * **************************************************************** A menu application uses an EXEC CICS QUERY SECURITY command to determine whether users have a transaction available to them. EXEC CICS QUERY SECURITY RESTYPE ('TRANSATTACH ') RESID ('TRA1') LOGMESSAGE (55) READ (0) The RACF exit ICHRFX04 is enabled and runs as part of the RACROUTE REQUEST=FASTAUTH command that CICS uses to perform the security check. The exit can rely upon the UXPPHASE value in the CICS installation data being USER_QUERY_CHECK (x'70'). However instead of being x'70' the UXPPHASE value is USER_ATTACH_CHECK (x'40'). In this case the exit may not perform its required processing or return the expected result.
Problem conclusion
DFHXSRC has been changed to ensure that UXPPHASE is USER_QUERY_CHECK (x'70') for an EXEC CICS QUERY SECURITY command.
Temporary fix
Comments
APAR Information
APAR number
PH40294
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
200
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-09-01
Closed date
2021-11-25
Last modified date
2021-12-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI78264 UI78265
Modules/Macros
DFHXSRC
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5"}]
Document Information
Modified date:
02 December 2021