PI49359: NEW RACF LOGIC IN THE PESERVER FOR ISPF OLM CLIENT

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• The new RACF security logic for ISPF will be:
  
  Scan the userid and all RACF groups where the userid was added
  for the flags MONITOR1, MONITOR2, and SYSADM. If no RACF flags
  are found, SYSIBM.SYSUSERAUTH will be scanned to still support
  the GRANT security logic
  

Local fix

• N/A
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: OMEGAMON XE for DB2 PE/DB2PM                 *
  *                 users of component                           *
  *                 - PE Server subtask                          *
  ****************************************************************
  * PROBLEM DESCRIPTION: In a RACF environment logon from the    *
  *                      ISPF Online Monitor to PE Server fails  *
  *                      and message FPEM536 is displayed. The   *
  *                      monitoring PE Server subtask issues     *
  *                      messages FPEV2107E and FPEV0405E.       *
  ****************************************************************
  * RECOMMENDATION: Apply this PTF.                              *
  ****************************************************************
  PROBLEM SUMMARY:
  In a RACF environment the access to DB2 resources is secured
  through RACF only and not by DB2 GRANT internal security.
  Therefore no entries exist in the DB2 catalog table
  SYSUSERAUTH. When the ISPF Online Monitor tries to connect to
  the monitoring PE Server subtask, the PE Server verifies the
  required monitoring privileges for the provided user ID by
  selecting corresponding entries from table SYSUSERAUTH. The
  query fails and the connection request is rejected.
  
  PROBLEM CONCLUSION:
  The code has been corrected accordingly to check the RACF
  classes respective profiles implementing the DB2 authorization
  for user privileges.
  
  KEYWORDS:
  ISPF OLM LOGON FPEM536 FPEV2107E FPEV0405E
  AUTHORIZATION
  

Problem conclusion

• The code has been corrected accordingly to check the RACF
  classes respective profiles implementing the DB2 authorization
  for user privileges.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI33073 UI33074

Modules/Macros

• DGOVMSTR FPEVDB2I FPEVDB22
  

Fix information

• Fixed component name

  OM XE DB2PE/PM

• Fixed component ID

  5655OPE00

Applicable component levels

• R520 PSY UI33073

     UP15/11/20 P F511

• R530 PSY UI33074

     UP15/11/20 P F511

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.