OA67613: ZSECURE AUDIT INCORRECTLY REPORTS TEMPORARY DATA SETS AS JESSPOOL RESOURCES

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• zSecure Audit incorrectly reports temporary data sets as
  JESSPOOL resources.
  
  Sensitivity types ReadSJobOut and ModSJobOut may then
  incorrectly report system temporary data sets in the TRUSTED
  newlist.
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: Users of zSecure Audit exploiting the        *
  *                 following reports in interactive mode:       *
  *                                                              *
  *                  o Users who can bypass normal system        *
  *                    security.                                 *
  *                  o Sensitive resources and who may           *
  *                    compromise them.                          *
  *                                                              *
  *                 or newlist type TRUSTED in batch mode.       *
  ****************************************************************
  * PROBLEM DESCRIPTION: zSecure Audit incorrectly reports       *
  *                      temporary data sets with assigned       *
  *                      ReadSJobOut and/or ModSJobOut           *
  *                      sensitivity type(s).                    *
  ****************************************************************
  * RECOMMENDATION: Apply the PTF provided.                      *
  ****************************************************************
  The TRUSTED report produced by zSecure Audit incorrectly
  reports temporary data sets with following sensitivity types:
  
   o ReadSJobOut: can read job output.
   o ModSJobOut : can read and manage job output.
  
  Data sets allocated with a 'SUBSYS=' allocation parameter and
  those without 'SYSOUT' are reported in the same way when they
  should not.
  

Problem conclusion

• zSecure Audit has been modified, so that only data sets
  allocated with a 'SYSOUT=' allocation parameter are reported as
  having the ReadSJobOut or ModSJobOut sensitivity when
  applicable.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UJ97071

Modules/Macros

• CKFJFC2  CKRCFS   CKRESDV  GKRCFS   GKRESDV
  

Fix information

• Fixed component name

  ZSEC BASE,ADMIN

• Fixed component ID

  5655T0100

Applicable component levels

• R310 PSY UJ97071

     UP25/05/03 I 1000

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.