A fix is available
APAR status
Closed as program error.
Error description
You are attempting to issue 'CEMT INQUIRE WLMHEALTH'. This fails with a security violation: DFHXS1111 CEMT SECURITY VIOLATION BY USER userid at NETNAME netname1 FOR RESOURCE ASSOCIATION IN CLASS CLASS1. SAF CODES ARE (X'00000004',X'00000000'). ESM CODES ARE (X'00000004',X'00000000'). RACF REQUEST MADE WAS FASTAUTH. WLMHEALTH has been added to the command security resource profile CLASS1. Trace in the dump shows that the command resource being checked is actually ASSOCIATION. XS 0701 XSRC ENTRY - FUNCTION(CHECK_CICS_COMMAND) RESOURCE_TYPE(WLMHEALTH) ACCESS(INQUIRE) TASK-00050 KE_NUM-00AA TCB-C/QR /008B9E88 RET-A3A40364 TIME-18:31:35.2438582167 INTERVAL-00.0000012158 XS 0709 XSRC EVENT CHECK ASSOCIATION FUNCTION(CHECK_RESOURCE_ACCESS) SECURITY_TOKEN(22BA75F0 , 00000004) CLASSNAME(CCICSCMD) ACCE (READ) LOGMESSAGE(YES) RESOURCE(240C777C , 0000000B) TASK-00050 KE_NUM-00AA TCB-C/QR /008B9E88 RET-A3A40364 TIME-18:31:35.2438604492 INTERVAL-00.0000022324 The problem is due to the fact that the WLMHEALTH command was not added to the command_name_table in DFHXSRC. The Knowledge Center will also be updated to add WLMHEALTH to the command security checking section. Additional Symptom(s) Search Keyword(s): KIXREVSWM
Local fix
add ASSOCIATION to command resource checking class. The problem is that the WLMHEALTH command was not added to the command_name_table in DFHXSRC. When DFHXSRC is asked to perform the security check for WLMHEALTH the command is not found in the table so the first entry gets used instead. The list is in alphabetical order so that is why ASSOCIATION gets used instead.
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users. * **************************************************************** * PROBLEM DESCRIPTION: CEMT INQUIRE WLMHEALTH may fail with * * DFHXS1111. * **************************************************************** * RECOMMENDATION: . * **************************************************************** When issuing a CEMT INQUIRE WLMHEALTH or CEMT SET WLMHEALTH command on a CICS system it may fail with a DFHXS1111 and ICH408I. The problem can happen should the CICS region be using command security and the security manager has been setup to have different levels of access for the different resources. Even with resource WLMHEALTH having the correct access in the security manager should the user not have access to ASSOCIATION then the security violation will still occur. Keywords; msgDFHXS1111 XS1111 msgICH408I
Problem conclusion
DFHXSRC has been changed to correctly check access to the WLMHEALTH resource for INQUIRE and SET WLMHEALTH commands.
Temporary fix
Comments
APAR Information
APAR number
PI84397
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-07-12
Closed date
2017-09-12
Last modified date
2017-10-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI50249
Modules/Macros
DFHXSRC
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
R100 PSY UI50249
UP17/09/19 P F709
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.4","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 October 2017