A fix is available
APAR status
Closed as program error.
Error description
Intermittently, C2POLICE (Alert) will produce the following message: IRR421I ACEE modification detected for user P9KZALRT in address space ID 0x0000004C running under user P9KZALRT and job name P9KZALRT while program CKR8Z12 is running. The RACF function detecting the modification is IRRRCK00. Rsn=0x40000000. (ACEEPRIV is ON). Occurrences 1. Resource=TORHYP.P9KZALRT.P9KZALRT.STC06781.D0000106.?(JESSPOOL). Call chain: CKR8Z12 <- CKRCARLA <- C2PRPTHR <- C2PRPTRT <- C2POLICE This situation should not occur and is a timing issue between the reporting and collection tasks.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: Users of zSecure Alert exploiting extended * * monitoring alerts. * **************************************************************** * PROBLEM DESCRIPTION: z/OS RACF might issue a MSGIRR421I in * * cases where zSecure extended monitoring * * alerts are active. This might occur if * * the data collection sub-task is * * executing at the moment when the * * reporting sub-task accesses RACF * * protected resources. * **************************************************************** * RECOMMENDATION: Apply the PTF provided and revert the * * documentation changes mentioned in the APAR * * OA62634 tracking comment data. * **************************************************************** When zSecure Alert has extended monitoring alerts active, a zSecure Collect sub-task is used to retrieve z/OS UNIX related data. z/OS RACF might issue a MSGIRR421I with text "ACEE modification detected ..." for another sub-task that requires access to RACF protected resources.
Problem conclusion
zSecure Collect has been modified, so that no MSGIRR421I is issued in cases where zSecure Alert is configured to use extended monitoring alerts. Please note that the documentation changes mentioned in the APAR OA62634 tracking comment data are reverted back to the original text.
Temporary fix
Comments
APAR Information
APAR number
OA63844
Reported component name
ZSEC BASE,ADMIN
Reported component ID
5655T0100
Reported release
240
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-10-18
Closed date
2022-10-31
Last modified date
2022-11-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ09409 UJ09423
Modules/Macros
CKFSMF CKFUNIX
Fix information
Fixed component name
ZSEC BASE,ADMIN
Fixed component ID
5655T0100
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"240","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
01 November 2022