OA48482: TO ENABLE SPECIFIC USERS ABILITY TO EXECUTE TAKEACTION REQUESTS.

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• *The ability to securely use the existing Take Action features
  in the OMEGAMON and ITM products. This requirement includes both
   ad hoc Take Actions initiated by a user on TEP as well as Take
  Action associated with situations, sometimes referred to as
  Reflex Automation, and includes both "System" and "Prefixed"
  (product-provided) Take Action commands.
  
  *The product must provide the ability to authorize a user's
  ability to do a specific Take Action, and will not allow
  unauthorized actions.
  The product must provide an audit trail of who issued the Take
  Action and when.
  
  *The primary user interface is TEP, so the solution must work
  for TEP.
  
  *TEP user IDs currently associated with Take Action are not
  valid on z/OS, so must be mapped to valid user IDs on z/OS.
  
  *TEP user IDs may have "." (dot) or "-" (hyphen) characters
  included.
  

Local fix

Problem summary

• This APAR requirement applies to both ad hoc Take Actions
  initiated by a user on Tivoli Enterprise Portal as well as
  Take Action associated with situations, sometimes referred
  to as Reflex Automation, and includes both "System" and
  "Prefixed" (product-provided) Take Action commands. The
  product must provide the ability to authorize a user's
  ability to do a specific Take Action, and will reject
  unauthorized actions. The product must provide an audit
  trail of who issued the Take Action and when. The primary
  user interface is the portal client, so the solution must
  work for the portal client. The Tivoli Enterprise Portal
  client user IDs currently associated with Take Action are
  not valid on z/OS, so must be mapped to valid user IDs on
  z/OS. Portal client user IDs may have "." (dot) or "-"
  (hyphen) characters included.
  

Problem conclusion

• Install Actions:
  To allow the System Administrator to secure Take Action
  commands issued by portal client users, implement changes to
  the contents of the RKANPARU(KGLUMAP) Dataset.  The records
  in the Dataset will contain the following syntax, which will
  allow the System Administrator to specify which portal
  client UserID can execute specific 'Prefix' or 'System' Take
  Action commands.
  
    <comment> ::= *
    <space> ::= " "
    <prefix command> ::= <RESUME | >Q | ...>
    <system command> ::= <SEND | ACTIVATE | ...>
    <characters> ::= <A-Z>^00<a-z>|<0-9>
    <tepuserid> ::=  <characters> | <characters><*>
    <zOSuserid> ::=  <z/OSUserName>
    <command>   ::=  <prefix command> | <system command>
    <commandlist> ::=  <command> {, <command>}
  
    <comment> | <tepuserid> <space> <zOSuserid> { <space>
  <commandlist> }
  
    This feature is enabled by default if KGLUMAP is defined.
  To disable this feature, the user will define the following
  environment variables in their K<PC>ENV Dataset
  
    KGL_COMMAND_AUTHOR_SECURITY_REQUIRED=N
    KGL_COMMAND_TAKEACTION_SECURITY_ENABLED=N
  

Temporary fix

Comments

• This is fixed in UA79950.
  

APAR Information

• APAR is sysrouted FROM one or more of the following:

  IV75046

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  MGMT SERVER DS

• Fixed component ID

  5608A2800

Applicable component levels

• R630 PSY UA79950

     UP15/12/15 P F512

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.