IBM Support

OA53081: THE 'SUPPRESS NOT_MY_LIST_SCOPE' CARLA STATEMENT DOES NOT HONOR THE AUDITOR ATTRIBUTE FOR NEWLIST TYPE RACF_ACCESS.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The 'SUPPRESS NOT_MY_LIST_SCOPE' CARLa statement suppresses the
    NEWLIST TYPE=RACF_ACCESS resources where an auditor is not on
    the access list.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin/Audit exploiting the  *
    *                 'SUPPRESS NOT_MY_LIST_SCOPE' CARLa           *
    *                 statement in combination with a newlist type *
    *                 RACF_ACCESS.                                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin/Audit displays an         *
    *                      incomplete RACF_ACCESS report in cases  *
    *                      where 'SUPPRESS NOT_MY_LIST_SCOPE'      *
    *                      setting is in effect and a user has     *
    *                      the AUDITOR, or ROAUDIT privilege(s)    *
    *                      but does not also have the SPECIAL      *
    *                      privilege.                              *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When the 'SUPPRESS NOT_MY_LIST_SCOPE' CARLa statement is used
    and a user has the AUDITOR, or ROAUDIT privilege, but does not
    also have the SPECIAL privilege, in the complex being processed,
    the generated RACF_ACCESS report is incomplete.
    

Problem conclusion

  • zSecure Admin/Audit has been modified so that the generated
    RACF_ACCESS report is complete in cases where the 'SUPPRESS
    NOT_MY_LIST_SCOPE' CARLa setting is in effect and a user
    running the software has the AUDITOR, or ROAUDIT privilege(s),
    but does not also have the SPECIAL privilege in the complex
    being displayed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA53081

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-06-14

  • Closed date

    2017-06-27

  • Last modified date

    2017-07-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA92412 UA92413

Modules/Macros

  •    CKRPRTR  GKRPRTR
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA92412

       UP17/06/29 P F706

  • R221 PSY UA92413

       UP17/06/29 P F706

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":""}]

Document Information

Modified date:
05 July 2017