IBM Support

OA54022: WHEN COPYING A GROUP WITH CONNECTED USERS IN REVOKED STATUS, ONLY CONNECTED USERS WITH A REVOKEDT ARE COPIED

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • when copying a group using RA.G option C on the local system
    (no CKNSERVE involvement here) that the REVOKE field is only
    copied when a revoke date is also specified.
    
    When copying a group (RA.G and C next to the group) with
    connected users in REVOKED status, only users with a REVOKEDT
    are copied with REVOKE status
    
    QZ1708012
    

Local fix

  • Manually correct generated RACF commands
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin for RACF exploiting   *
    *                 the 'COPY GROUP' action in interactive mode. *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin for RACF generates        *
    *                      incomplete RACF commands while          *
    *                      performing a 'COPY GROUP' processing    *
    *                      in cases where group connects have a    *
    *                      REVOKED attribute and no revoke date.   *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When group connects have a REVOKED attribute and no revoke date,
    the zSecure Admin generates incomplete RACF commands for such
    connects (that are RACF 'connect' commands without a REVOKE
    keyword) while performing the 'COPY GROUP' processing.
    

Problem conclusion

  • zSecure Admin has been modified so that a 'COPY GROUP' action
    generates proper RACF commands for group connects with a REVOKED
    attribute and without a revoke date.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA54022

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    221

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-09-25

  • Closed date

    2017-10-23

  • Last modified date

    2017-11-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    OA54186 UA94065

Modules/Macros

  •    CKRRUSR  GKRRUSR
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R221 PSY UA94065

       UP17/10/25 P F710

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":""}]

Document Information

Modified date:
01 November 2017