APAR status
Closed as program error.
Error description
While utilizing the REST API in MQ 9.3 LTS for operations such as listing directory contents, creating files, or copying files from the appliance, it's possible to encounter authentication failures, even when an access profile for */*/login/rest-mgmt?Access=r is configured. For example, when attempting to list the 'mqbackup' directory, the following outcome is observed: curl --silent -s -k https://$HOSTNAME:$REST_PORT/mgmt/filestore/default/mqbackup -X GET -u $MQ_REST_USER:$MQ_REST_PASSWORD {"_links":{"self":{"href":"/mgmt/filestore/default/mqbackup"}}," error":[ "Authentication failure."]}
Local fix
Add the following additional access profile to grant access for rest-mgmt type logins. access-policy */*/login/xml-mgmt?Access=r+w+a+d+x
Problem summary
**************************************************************** USERS AFFECTED: All users of IBM MQ Appliance 9.3.0 Platforms affected: MultiPlatform **************************************************************** PROBLEM DESCRIPTION: Changes in the 9.3 firmware meant that additional internal authorities were required to access resources during the processing REST API requests. The "read" access profile had not been updated to include these internal authorities, which caused the object access to fail.
Problem conclusion
The MQ Appliance firmware is updated to provide the correct read authority on the necessary internal resources when a "read" access policy is defined. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.3 LTS 9.3.0.15 v9.x CD 9.3.4 The latest available maintenance can be obtained from 'IBM MQ Recommended Fixes' https://www.ibm.com/support/pages/recommended-fixes-ibm-mq If the maintenance level is not yet available information on its planned availability can be found in 'IBM MQ Planned Maintenance Release Dates' https://www.ibm.com/support/pages/ibm-mq-planned-maintenance-rel ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT44858
Reported component name
MQ APPLIANCE M2
Reported component ID
5900ALJ00
Reported release
930
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-10-30
Closed date
2023-11-10
Last modified date
2024-01-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MQ APPLIANCE M2
Fixed component ID
5900ALJ00
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SS5K6E","label":"IBM MQ Appliance"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"930","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
19 January 2024