A fix is available
APAR status
Closed as program error.
Error description
DFH$R2SM calls DFH$XSU to create security metadata from RACF. The generated output does not enclose fields in quotes, which leads to invalid YAML formatting if special characters are used in any of the RACF fields being processed. When CICS Security Discovery is used to parse this RACF metadata in CICS Explorer, an error message like the one below may appear if the RACF group names start with '@':

Line 22,069 referenced below is invalid. Caused by "found character '@' that cannot start any token. (Do not use @ for indentation)".
Local fix
Edit the ESM file and put single quotes around everything that starts with an @ so that the word is read as a string.
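The local fix above applied mechanically, as an added example that is not IBM's code: it single-quotes any YAML value that starts with '@' and reports which lines it changed so they can be reviewed. It also covers the backtick, the other character YAML reserves, which goes beyond the '@' case on this page. The sample input and its key names are constructed and do not reproduce the real DFH$XSU output layout.

```python
import re

# '@' and '`' are reserved indicators in YAML: neither may start a plain scalar.
RESERVED = ("@", "`")

# Indentation, optional "- " sequence markers, optional "key: " prefix,
# then the scalar value, then an optional trailing comment.
LINE = re.compile(
    r"^(?P<prefix>\s*(?:-\s+)*(?:[^\s'\"#:][^:#]*:\s+)?)"
    r"(?P<value>\S.*?)(?P<tail>\s+#.*|\s*)$"
)


def quote_line(line):
    """Return the line with its value single-quoted if it starts with a reserved character."""
    m = LINE.match(line)
    if not m or not m.group("value").startswith(RESERVED):
        return line  # blank, comment, already quoted, or an ordinary value
    # Inside a YAML single-quoted scalar, a literal quote is written as ''.
    escaped = m.group("value").replace("'", "''")
    return f"{m.group('prefix')}'{escaped}'{m.group('tail')}"


def fix_text(text):
    """Return (fixed_text, changed_line_numbers) for a whole metadata file."""
    fixed, changed = [], []
    for number, line in enumerate(text.split("\n"), start=1):
        new = quote_line(line)
        if new != line:
            changed.append(number)
        fixed.append(new)
    return "\n".join(fixed), changed


# Constructed sample; the key names are hypothetical.
SAMPLE = """groups:
  - name: @CICSGRP
    owner: SYSADM
  - name: '@ALREADY'
members:
  - @OPS
  - USER1"""

if __name__ == "__main__":
    output, lines = fix_text(SAMPLE)
    print(output)
    print("quoted lines:", lines)
```

Run it on a copy of the file and check the reported line numbers before loading the result into the Security Discovery Editor.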
Problem summary
****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: Security Discovery Editor in CICS       *
*                      Explorer fails to parse generated CICS  *
*                      security metadata due to invalid        *
*                      formatting generated by DFH$R2SM.       *
****************************************************************
DFH$R2SM JCL is run to generate security metadata from RACF using DFH$XSU but the RACF fields are not enclosed in quotes. This leads to invalid YAML if fields begin with a special character, such as an '@'. When this security metadata file is then used in the Security Discovery Editor within CICS Explorer, the following error occurs:

Line 22,069 referenced below is invalid. Caused by "found character '@' that cannot start any token. (Do not use @ for indentation)".
Problem conclusion
CICS has been updated to ensure RACF fields are enclosed in quotes in the security metadata output from DFH$XSU.
Temporary fix
Comments
APAR Information
APAR number
PH68511
Reported component name
CICS TS Z/OS V6
Reported component ID
5655YA100
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2025-10-14
Closed date
2026-03-11
Last modified date
2026-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UO07104 UO07105 UO07106
Modules/Macros
DFH$XSR DFH$XSU
Fix information
Fixed component name
CICS TS Z/OS V6
Fixed component ID
5655YA100
Applicable component levels
R400 PSY UO07106
UP26/03/12 P F603
R500 PSY UO07105
UP26/03/18 P F603
R600 PSY UO07104
UP26/03/12 P F603
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
02 April 2026