OA50319: ACCESS MONITOR DOES NOT PROPERLY TAKE INTO ACCOUNT TRUSTED STC WITH EZB.PORTACCESS PROFILES WHEN A PROFILE IS REMOVED

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• Create a user ID and connect them to two profiles. Both of
  these profiles should grant trusted status in the STDATA
  segment to the user ID
  
  Run an Unload to capture the current data state
  
  Delete one of the profiles
  
  Run an AM.2 against the user ID and choose the option where the
  simulated access is less than current
  
  The resulting display should show that the user ID is still
  trusted (from the remaining profile) and the RACF return code
  from the current DB is 8.
  
  The ID should not show less than Trusted when it is already
  Trusted
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of zSecure Access Monitor reporting    *
  *                 facility exploiting the "Compare monitored   *
  *                 access against current RACF database" (AM.2) *
  *                 option in interactive mode.                  *
  ****************************************************************
  * PROBLEM DESCRIPTION: zSecure Access Monitor reporting        *
  *                      function does not handle the TRUSTED    *
  *                      attribute assigned to an ID while       *
  *                      handling the STDATA segment data.       *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF provided.                      *
  ****************************************************************
  When the resource access simulation function for the STDATA
  segment is used by the zSecure Access Monitor reporting
  function, the TRUSTED ID attribute is not taken into account
  for the FASTAUTH RACF requests resulting in incorrect report
  data.
  

Problem conclusion

• zSecure Access Monitor reporting engine has been modified so
  that the TRUSTED attribute assigned to an ID in the STDATA
  segment is simulated properly.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UA81835 UA81836

Modules/Macros

•    CKRCKFIN CKROUACC
  

Fix information

• Fixed component name

  ZSEC BASE,ADMIN

• Fixed component ID

  5655T0100

Applicable component levels

• R211 PSY UA81835

     UP16/06/01 P F605

• R220 PSY UA81836

     UP16/06/01 P F605

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.