IBM Support

OA54675: RESTRICTED MODE USERS DO NOT SEE DELETE CERTIFICATE ACTION EVEN WITH APPROPRIATE ACCESS TO IRR.DIGTCERT.DELETE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Restricted mode users do not see Delete certificate action even
    with appropriate access to IRR.DIGTCERT.DELETE.
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin exploiting the        *
    *                 RA.5 (Work with certificates, key rings,     *
    *                 filters and tokens) option in interactive    *
    *                 mode.                                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin does not allow            *
    *                      decentralized administrators to delete  *
    *                      the digital certificates even with a    *
    *                      proper access to the                    *
    *                      CKR.ACTION.RC.R.D profile in the        *
    *                      XFACILIT class.                         *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided and review the        *
    *                 documentation updates.                       *
    ****************************************************************
    When a decentralized zSecure administrator has proper access to
    the CKR.ACTION.RC.R.D profile in the XFACILIT class, the zSecure
    Admin does not allow to perform a 'DELETE' action for digital
    certificates (no 'D' action command is available in interactive
    mode).
    

Problem conclusion

  • zSecure Admin has been modified so that the decentralized
    zSecure administrators can delete digital certificates in cases
    where a proper access is defined for the CKR.ACTION.RC.R.D
    profile in the XFACILIT class and the administrator has
    sufficient rights for the digital certificate via the
    IRR.DIGTCERT.DELETE profile in the FACILTY class.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA54675

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    221

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-01-10

  • Closed date

    2018-08-01

  • Last modified date

    2018-09-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA97011 UA97012

Modules/Macros

  • C2RIMENU CKRACT   CKRACTQ  CKRACTR  CKRACTS  CKRDT    CKRFLDT
    CKRGEVL  CKRICMD  CKRINMO  CKRLKUP  CKRMODF  CKROUFLD CKROUNIT
    CKRP3DCG CKRP3DCN CKRPRLST CKRPRTFL CKRSCOP2 CKRSCOPE CKRSTELM
    CKXDT    GKRACT   GKRACTQ  GKRACTR  GKRACTS  GKRDT    GKRFLDT
    GKRGEVL  GKRICMD  GKRINMO  GKRLKUP  GKRMODF  GKROUFLD GKROUNIT
    GKRPRLST GKRPRTFL GKRSCOP2 GKRSCOPE GKRSTELM
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R221 PSY UA97011

       UP18/08/11 P F808

  • R230 PSY UA97012

       UP18/08/11 P F808

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"221","Edition":""}]

Document Information

Modified date:
04 September 2018