IBM Support

OA54022: WHEN COPYING A GROUP WITH CONNECTED USERS IN REVOKED STATUS, ONLY CONNECTED USERS WITH A REVOKEDT ARE COPIED

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • when copying a group using RA.G option C on the local system
(no CKNSERVE involvement here) that the REVOKE field is only
copied when a revoke date is also specified.

When copying a group (RA.G and C next to the group) with
connected users in REVOKED status, only users with a REVOKEDT
are copied with REVOKE status

QZ1708012

Local fix

  • Manually correct generated RACF commands

Problem summary

  • ****************************************************************
* USERS AFFECTED: Users of zSecure Admin for RACF exploiting   *
*                 the 'COPY GROUP' action in interactive mode. *
****************************************************************
* PROBLEM DESCRIPTION: zSecure Admin for RACF generates        *
*                      incomplete RACF commands while          *
*                      performing a 'COPY GROUP' processing    *
*                      in cases where group connects have a    *
*                      REVOKED attribute and no revoke date.   *
****************************************************************
* RECOMMENDATION: Apply the PTF provided.                      *
****************************************************************
When group connects have a REVOKED attribute and no revoke date,
the zSecure Admin generates incomplete RACF commands for such
connects (that are RACF 'connect' commands without a REVOKE
keyword) while performing the 'COPY GROUP' processing.

Problem conclusion

  • zSecure Admin has been modified so that a 'COPY GROUP' action
generates proper RACF commands for group connects with a REVOKED
attribute and without a revoke date.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    OA54022
    • 

  • Reported component name
    ZSEC BASE,ADMIN
    • 

  • Reported component ID
    5655T0100
    • 

  • Reported release
    221
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-09-25
    • 

  • Closed date
    2017-10-23
    • 

  • Last modified date
    2017-11-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
OA54186 UA94065
    

    • 



Modules/Macros


    

  •    CKRRUSR  GKRRUSR

    



Fix information


    

  • Fixed component name
    ZSEC BASE,ADMIN
    • 

  • Fixed component ID
    5655T0100
    • 



Applicable component levels


    

  • R221  PSY  UA94065
       UP17/10/25  P  F710
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            16 August 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback