IBM Support

OA57335: RA.Q, OPTION 7 RESULTS IN MESSAGE CKG706I WHEN EXECUTING THE CKGRACF COMMAND.

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When using RA.Q option 7 to copy a source user ID to a
    destination user ID, the CKGRACF command executed results in
    the CKG706I message being issued, due to excessive length of
    the operand.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin for RACF exploiting   *
    *                 the copy/recreate profile functions and user *
    *                 data operations in interactive mode using    *
    *                 the zSecure CKGRACF program.                 *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin generates incorrectly     *
    *                      formatted CKGRACF commands for profiles *
    *                      having long USRDATA entries so that the *
    *                      zSecure CKGRACF program fails to        *
    *                      execute such commands and issues a      *
    *                      MSGCKG706I. The zSecure Command         *
    *                      Verifier command audit trails stored as *
    *                      USRDATA profile entries are also        *
    *                      included while it is not desirable.     *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided and review the        *
    *                 documentation updates.                       *
    ****************************************************************
    When a RACF profile contains long USRDATA, the zSecure Admin
    generates incorrectly formatted CKGRACF commands in response to
    the copy/recreate profile actions so that the zSecure CKGRACF
    program fails to execute such commands and issues a MSGCKG706I
    which begins with the text "String with length <length> is
    longer than expected size <size>. The zSecure Command Verifier
    command audit trails stored as USRDATA profile entries are also
    included in these commands.
    

Problem conclusion

  • zSecure Admin and the CKGRACF program have been modified so
    that:
     - USRDATA profile entries with length up to 32737 bytes are
       supported by the user interface and CKGRACF program;
     - The The zSecure Command Verifier command audit trails stored
       as USRDATA profile entries are not included in the generated
       CKGRACF commands in response to the copy/recreate profile
       actions.
    Please note the documentation changes as provided by the APAR
    tracking comment data.
    

Temporary fix

Comments

  • ×**** PE20/01/20 FIX IN ERROR. SEE APAR OA58947  FOR DESCRIPTION
    

APAR Information

  • APAR number

    OA57335

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    231

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-04-10

  • Closed date

    2019-12-16

  • Last modified date

    2020-01-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ01666 UJ01667

Modules/Macros

  • C2RIMENU C2RP3@MU C2RP3UD1 C2RP3XCL C2RT3UD1 C2RT3UD2 CKAOUNIX
    CKAOURSL CKARCMD  CKASFW   CKASINT  CKASMF77 CKFAXVM  CKFPDS
    CKFRSLV  CKG72    CKG73    CKGCHK   CKGCPIC  CKGCVOP  CKGENQ
    CKGICHE  CKGIFMT  CKGINC   CKGINIT  CKGINP   CKGINPC  CKGINPI
    CKGINPU  CKGLCMD  CKGLIST  CKGMAIN  CKGMD5   CKGPCMD  CKGPWDC
    CKGRACF  CKGRCRT  CKGSRVI  CKGTERM  CKGTOK   CKGTSO   CKGTSOP
    CKGUSRD  CKRACT   CKRACTR  CKRACTS  CKRALLOC CKRBMRG  CKRCARL@
    CKRCKGA  CKRCKGF  CKRCKGS  CKRCUST  CKRDLKUP CKREFRI  CKRESRC
    CKRFLDT  CKRGEVL  CKRICMD  CKRINLS  CKRINMO  CKRINP@  CKRINPC
    CKRINPI  CKRINPL  CKRINPM  CKRINPN  CKRINPO  CKRINPS  CKRINPZ
    CKRMAIN  CKRMODF  CKRMRG7  CKRMRG8  CKRMRG9  CKROUNIT CKROUPUT
    CKRPRMSG CKRSTCA  CKRSTORE CKRSTPL  CKRSTREE CKRTOK   CKRTSO
    CKRXMLB  GKRACT   GKRACTR  GKRACTS  GKRALLOC GKRBMRG  GKRCARL@
    GKRCKGA  GKRCKGF  GKRCKGS  GKRCUST  GKRDLKUP GKREFRI  GKRESRC
    GKRFLDT  GKRGEVL  GKRICMD  GKRINLS  GKRINMO  GKRINP@  GKRINPC
    GKRINPI  GKRINPL  GKRINPM  GKRINPN  GKRINPO  GKRINPS  GKRINPZ
    GKRMAIN  GKRMODF  GKRMRG7  GKRMRG8  GKRMRG9  GKROUNIT GKROUNIX
    GKROUPUT GKROURSL GKRPRMSG GKRRCMD  GKRSFW   GKRSINT  GKRSMF77
    GKRSTCA  GKRSTORE GKRSTPL  GKRSTREE GKRTOK   GKRTSO   GKRXMLB
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R231 PSY UJ01666

       UP19/12/18 P F912

  • R240 PSY UJ01667

       UP19/12/18 P F912

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"231","Edition":""}]

Document Information

Modified date:
23 January 2020