IBM Support

OA50319: ACCESS MONITOR DOES NOT PROPERLY TAKE INTO ACCOUNT TRUSTED STC WITH EZB.PORTACCESS PROFILES WHEN A PROFILE IS REMOVED

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Create a user ID and connect them to two profiles. Both of
    these profiles should grant trusted status in the STDATA
    segment to the user ID
    
    Run an Unload to capture the current data state
    
    Delete one of the profiles
    
    Run an AM.2 against the user ID and choose the option where the
    simulated access is less than current
    
    The resulting display should show that the user ID is still
    trusted (from the remaining profile) and the RACF return code
    from the current DB is 8.
    
    The ID should not show less than Trusted when it is already
    Trusted
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Access Monitor reporting    *
    *                 facility exploiting the "Compare monitored   *
    *                 access against current RACF database" (AM.2) *
    *                 option in interactive mode.                  *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Access Monitor reporting        *
    *                      function does not handle the TRUSTED    *
    *                      attribute assigned to an ID while       *
    *                      handling the STDATA segment data.       *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the resource access simulation function for the STDATA
    segment is used by the zSecure Access Monitor reporting
    function, the TRUSTED ID attribute is not taken into account
    for the FASTAUTH RACF requests resulting in incorrect report
    data.
    

Problem conclusion

  • zSecure Access Monitor reporting engine has been modified so
    that the TRUSTED attribute assigned to an ID in the STDATA
    segment is simulated properly.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA50319

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    211

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-04-14

  • Closed date

    2016-05-30

  • Last modified date

    2016-06-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA81835 UA81836

Modules/Macros

  •    CKRCKFIN CKROUACC
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R211 PSY UA81835

       UP16/06/01 P F605

  • R220 PSY UA81836

       UP16/06/01 P F605

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"211","Edition":""}]

Document Information

Modified date:
02 June 2016