APAR status
Closed as program error.
Error description
Even if administration security is enabled, you should not have to explicitly grant permissions for the following administration interfaces, authentication is provided only by the system login; no additional authentication is carried out by the integration node: . IBM Integration Toolkit . IBM Integration API . IBM Integration Bus commands However, on z/OS, this is not working as expected. For example, attempting to use the Integration API calls in a Java compute node when file based administration security is enabled, results in authentication errors, for example: BIP2852E: The role 'WMQI20' is not authorized to perform the requested operation 'view' against the object 'MQ20BRK' of type 'Broker'. The role 'WMQI20' needs to have 'Read' permission on the object 'MQ20BRK' of type 'Broker'.
Local fix
As a work around, you can create a role named for your brokers started task id and grant it the necessary permissions, depending on what actions you want to perform on the administered objects.
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM Integration Bus v10 on z/OS who use file mode security. Platforms affected: z/OS **************************************************************** PROBLEM DESCRIPTION: If using file mode security, you should not have to create a role for the integration nodes user and grant permissions when using the following administration interfaces: IBM Integration Toolkit (when making a local connection, specifying only the integration node name) IBM Integration API IBM Integration Bus commands (when making a local connection, specifying only the integration node name) In these cases, authentication is provided only by the system login; no additional authentication is carried out by the integration node. However, on IIB z/OS, if a role had not been created and the appropriate permissions granted for the integration nodes user id, then the following types of errors may be reported: BIP2852E: The role 'WMQIxx' is not authorized to perform the requested operation 'view' against the object 'MQxxBRK' of type 'Broker'. The role 'WMQIxx' needs to have 'Read' permission on the object 'MQxxBRK' of type 'Broker'.
Problem conclusion
The product has been modified to remove the need for a role to be defined for the integration nodes user id when using file mode security. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.12 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
PI85389
Reported component name
IIB Z/OS
Reported component ID
5655AB100
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-08-02
Closed date
2018-03-21
Last modified date
2018-03-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IIB Z/OS
Fixed component ID
5655AB100
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQH8","label":"IBM Integration Bus for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
21 March 2018