Description: Prior to z/OS V1R13, the System Authorization Facility (SAF) resource profile associated with the VIPARANGE statement (EZB.BINDDVIPARANGE.sysname.tcpname) was ignored in the following scenario when an application issues a bind:
In this scenario, the PORT statement (including its optional SAF parameter) was used to control access to both the port and to creating the dynamic VIPA (DVIPA).
Beginning in V1R13, the VIPARANGE resource profile is not ignored in this scenario; creation of the IP address is controlled by both the SAF resource profile associated with the VIPARANGE statement and by the PORT statement:
Element or feature: | Communications Server. |
When change was introduced: | z/OS V1R13. |
Applies to migration from: | z/OS V1R12. |
Timing: | Before installing z/OS V2R1. |
Is the migration action required? | Yes, if you have defined the EZB.BINDDVIPARANGE.sysname.tcpname resource profile, but you have not given READ access to this resource to all applications that create DVIPAs by binding to addresses that are within a VIPARANGE subnet. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM Health Checker for z/OS check: | None. |
Steps to take: Be aware that the EZB.BINDDVIPARANGE.sysname.tcpname resource profile is always checked if defined; ensure all applications that create DVIPAs by binding to addresses within a VIPARANGE subnet have READ access to this resource.