IBM Support

PH12853: FILE MANAGER IMS SUPPORT FOR SECURING THE ACCESS THAT DYNAMIC PSBS PROVIDE TO USERS WHEN FM/IMS FUNCTIONS ARE RUN IN BMP MODE

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • File Manager IMS Support for securing the access that dynamic
    PSBs provide to users when FM/IMS functions are run in BMP mode
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All FM/IMS users.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION: Security administrators require an      *
    *                      easier way to control the access that   *
    *                      users have to databases when using      *
    *                      FM/IMS functions that are run in BMP    *
    *                      mode.                                   *
    ****************************************************************
    * RECOMMENDATION: Apply the provided PTF.                      *
    ****************************************************************
    The access provided by dynamic and static
    PSBs needs to be considered separately.
    There is only one way administrators can control access by
    functions that use a dynamic PSB. That is, to write a security
    exit that issues RACROUTE calls.
    There are two ways the administrator can control access by
    functions that use a static PSB:
    - Write a security exit that issues RACROUTE calls (as for
    functions that use a dynamic PSB) or
    - Use Resource access security (RAS) and the IIMS and JIMS RACF
    security classes to control which PSBs each user can use.
    

Problem conclusion

Temporary fix

Comments

  • FM/IMS has been enhanced to provide a new security facility
    named the Database Access Control facility. When a user
    attempts to access a database through an FM/IMS function run in
    BMP mode, the facility issues a RACROUTE call to determine
    whether the user is authorized to access this database.
    The RACROUTE call is for the XFACILIT class resource
    FILEM.IMS1.ssid.DB.dbname
    where ssid is the IMS subsystem name and dbname is the name of
    the database that the user is attempting to access.
    For access by a read-only function, a user requires a minimum of
    READ-level access to this resource. For access by an update
    function, a user requires a minimum of UPDATE-level access to
    this resource.
    The access that users have to databases is controlled by
    creating profiles that protect this resource.
    For the documentation changes associated with this APAR,
    please refer to the 'What's New' section in the
    File Manager V14 Knowledge Center:
    https://ibm.biz/Bdj3bE
    

APAR Information

  • APAR number

    PH12853

  • Reported component name

    FILE MANAGER Z/

  • Reported component ID

    5655Q4200

  • Reported release

    E14

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-06-03

  • Closed date

    2019-08-28

  • Last modified date

    2019-10-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • FMN$$CPJ FMN$$CPK FMN0LVL  FMN0LVLJ FMN0LVLK FMN0MENU FMN0MJPN
    FMN0MKOR FMN0POE1 FMN0POE2 FMN0POE3 FMN0POPI FMN0POPT FMN0PWN1
    FMN0PWN2 FMN0PWN3 FMN1$CPJ FMN1$CPK FMN1ASMX FMN1CAT  FMN1CPYR
    FMN1DLI  FMN1FBPD FMN1FEB1 FMN1FFOR FMN1FIX1 FMN1FPR1 FMN1FTAD
    FMN1FTEX FMN1FUDB FMN1FUL  FMN1FUNS FMN1FUSS FMN1FUTP FMN1FXSC
    FMN1IMSB FMN1LVL  FMN1LVLJ FMN1LVLK FMN1MENU FMN1MJPN FMN1MKOR
    FMN1PCLN FMN1PCOM FMN1PED  FMN1PED1 FMN1PEDR FMN1PEDZ FMN1PHDZ
    FMN1PIVU FMN1PNWS FMN1POPD FMN1POPI FMN1POPT FMN1PSCB FMN1PSET
    FMN1PSSS FMN1PSTP FMN1PTUT FMN1PUTL FMN1PV1  FMN1PX1  FMN1RBR9
    FMN1RCLN FMN1RCPX FMN1RCRS FMN1RCU3 FMN1RED9 FMN1RLR1 FMN1RLR2
    FMN1RLR3 FMN1RTPL FMN1RTPX FMN1RTU3 FMN1RVPX FMN1RVU3 FMN1RVWS
    FMN1RXCD FMN1RXNE FMN1RXR0 FMN1RXR1 FMN1RXTO FMN1ST00 FMN1SXT
    FMN2ADIE FMN2ADIN FMN2APM  FMN2APR  FMN2ARM  FMN2ARP  FMN2ARR
    FMN2ARS  FMN2ART  FMN2ARY  FMN2ASL  FMN2ASQ  FMN2ASW  FMN2AZP
    FMN2BN0K FMN2BN1K FMN2BN2K FMN2BN9K FMN2CPYB FMN2CPYR FMN2D2I8
    FMN2D2IA FMN2D2IB FMN2D2IC FMN2D2JA FMN2D2JB FMN2D2JC FMN2DATA
    FMN2DENP FMN2DENU FMN2DJPN FMN2DKOR FMN2ERRK FMN2FBKE FMN2FBKN
    FMN2FBKZ FMN2FBLM FMN2FBLR FMN2FCQ6 FMN2FDBX FMN2FDTF FMN2FDX2
    FMN2FE4B FMN2FRCJ FMN2FRCM FMN2FRNO FMN2FSCR FMN2FTAD FMN2FTEX
    FMN2FTMF FMN2FTU2 FMN2FXGC FMN2GEN  FMN2GV20 FMN2GV21 FMN2GV22
    FMN2LVL  FMN2LVLJ FMN2LVLK FMN2MENU FMN2MJPN FMN2MKOR FMN2MSG
    FMN2MSGT FMN2P0KB FMN2P0KR FMN2P0PB FMN2P0PR FMN2P1KB FMN2P1KR
    FMN2P1PB FMN2P1PR FMN2P2KB FMN2P2KR FMN2P2PB FMN2P2PR FMN2PCLN
    FMN2PCOP FMN2PCPO FMN2PD2E FMN2PDBP FMN2PEO1 FMN2PEO2 FMN2PEO3
    FMN2PEO4 FMN2PEO5 FMN2PEO6 FMN2PEO7 FMN2PEO8 FMN2PEXO FMN2PIMI
    FMN2PIMO FMN2PNWS FMN2POAC FMN2POKB FMN2POKR FMN2POL  FMN2POLK
    FMN2POLP FMN2POPB FMN2POPI FMN2POPR FMN2POPT FMN2POTL FMN2PPO1
    FMN2PRD4 FMN2PRS4 FMN2PSO2 FMN2PSTD FMN2PSTP FMN2PSX2 FMN2PUOP
    FMN2PXO1 FMN2PXO2 FMN2PXO3 FMN2PXOA FMN2PXOB FMN2RBDO FMN2RBKW
    FMN2RBL2 FMN2RBS4 FMN2RCEB FMN2RCLS FMN2RD0N FMN2RD32 FMN2RD39
    FMN2RD45 FMN2RDRI FMN2REC4 FMN2RECP FMN2REFC FMN2REL2 FMN2REX3
    FMN2RFMP FMN2RGC3 FMN2RLOC FMN2ROLK FMN2RS71 FMN2RS72 FMN2RS73
    FMN2RS74 FMN2RS75 FMN2RS76 FMN2RS77 FMN2RS78 FMN2RS79 FMN2RSB2
    FMN2RSSL FMN2RSY4 FMN2RSY6 FMN2RSY7 FMN2RSY8 FMN2RSY9 FMN2RSYS
    FMN2RXGC FMN2RXL3 FMN2RXL6 FMN2RXTO FMN2SSDM FMN2SSEL FMN2ST00
    

Fix information

  • Fixed component name

    FILE MANAGER Z/

  • Fixed component ID

    5655Q4200

Applicable component levels

  • RE10 PSY UI65026

       UP19/09/04 P F909

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"E14","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSXJAV","label":"File Manager for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"E14","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
01 October 2019