IBM Support

OA67244: TRUSTED NEWLIST MAY NOT REPORT ALL RESOURCES WHEN RUN IN ISOLATION

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • TRUSTED newlist may not report all resources when run in
    isolation.
    
    This can result in reports that are missing some expected
    sensitivity types because the resources they relate to are not
    reported.
    

Local fix

  • Add a newlist type=resource report alongside the newlist
    type=trusted report.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Audit exploiting the        *
    *                 following reports in interactive mode:       *
    *                                                              *
    *                  o Users who can bypass normal system        *
    *                    security.                                 *
    *                  o Sensitive resources and who may           *
    *                    compromise them.                          *
    *                                                              *
    *                 or newlist type TRUSTED in batch mode.       *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Audit might not report resource *
    *                      names having ModSJobOut and ReadSJobOut *
    *                      sensitivities.                          *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    The TRUSTED report produced by zSecure Audit might not report
    data having following sensitivities:
    
     o ModSJobOut : Can read and manage job output.
     o ReadSJobOut: Can read job output.
    
    This inconvenience occurs in cases where the TRUSTED report is
    evaluated in isolation (only TRUSTED report was requested).
    The sensitivities in question are reported in cases where the
    TRUSTED report is evaluated together with a RESOURCE report.
    

Problem conclusion

  • zSecure Audit has been modified, so that data set having
    ModSJobOut and ReadSJobOut sensitivities are properly reported
    by the TRUSTED report in cases where it is evaluated in
    isolation.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA67244

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    310

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2024-11-18

  • Closed date

    2024-12-05

  • Last modified date

    2025-01-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UJ96418

Modules/Macros

  • CKRMAIN  GKRMAIN
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R310 PSY UJ96418

       UP24/12/06 P F412

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
02 January 2025