IBM Support

PI88044: CALLING PURGEUSERFROMAUTHCACHE OR A USER THAT IS IN A GROUP PERMITTED TO A ROLE DOES NOT TAKE AFFECT.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The following is a sample scenario.
    
    All users of WebSphere for z/OS should have a  unique uid/gid.
    
    USER1 is permitted to the group GROUP1
    GROUP1 is permitted to the role AuthorizedRole
    When USER1 is removed from GROUP1, the mbean call
    purgeUserInAuthCache does not take affect and USER1 still has
    access to the role AuthorizedRole.
    

Local fix

  • Restart the Server for the change to take affect.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of z/OS IBM WebSphere Application *
    *                  Server V8.5 and V9.0                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: Changes in the localOS SAF registry     *
    *                      are not updated in Application          *
    *                      Server user credentials.                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    A user performs a login using the localOS SAF registry. Then
    authorization changes are made to the SAF registry for this
    user. For example, a user is added to a group. The user
    performs a logout. The user performs another login. The
    expectation is that the user now will pickup the authorization
    change. However, the user still has old authorizations. The
    user is still not a member fo the new group.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PI88044

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-09-27

  • Closed date

    2018-04-05

  • Last modified date

    2018-04-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 December 2021