A fix is available
APAR status
Closed as program error.
Error description
When processing SMF data and there are multiple rules in the collection policy, accesses to database artifacts can be attributed to incorrect users. Incorrect users include userids that were specified in secondary rules in the policy that should not cause an event to be reported. Example: Rule 1 contains DB name "A" and userid "1234" Rule 2 contains DB name "B" and userid "5678'. When userid "5678" accesses DB name "A", we would incorrectly cause an event to be reported. When userid "1234" accesses DB name "B", we would again incorrectly cause an event to be reported. This is due to the RULE control block chain not being properly segregated when searching for DBD artifacts in the RECON data sets.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM Security Guardium S-TAP for IMS * * on z/OS * **************************************************************** * PROBLEM DESCRIPTION: When processing SMF data and there are * * multiple rules in the collection * * policy, accesses to database artifacts * * can be attributed to incorrect users. * * Incorrect users include userids that * * were specified in secondary rules in * * the policy that should not cause an * * event to be reported. * * * * Example: * * Rule 1 contains DB name "A" and userid * * "1234" * * Rule 2 contains DB name "B" and userid * * "5678". * * When userid "5678" accesses DB name * * "A", we would incorrectly cause * * an event to be reported. * * When userid "1234" accesses DB name * * "B", we would again incorrectly * * cause an event to be reported. * * * * This is due to the RULE control block * * chain not being properly segregated * * when searching for DBD artifacts in * * the RECON data sets. * **************************************************************** * RECOMMENDATION: * **************************************************************** Apply the supplied PTF to resolve this issue.
Problem conclusion
N/A
Temporary fix
Comments
APAR Information
APAR number
PI95338
Reported component name
SEC GUAR STAP I
Reported component ID
5655STM00
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-03-16
Closed date
2018-06-12
Last modified date
2018-07-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI56470 UI56471 UI56472
Modules/Macros
AUISFIN AUISFMG AUISFQDS
Fix information
Fixed component name
SEC GUAR STAP I
Fixed component ID
5655STM00
Applicable component levels
RA00 PSY UI56470
UP18/06/19 P F806
RA13 PSY UI56471
UP18/06/19 P F806
R910 PSY UI56472
UP18/06/19 P F806
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCJM6A","label":"IBM Security Guardium S-TAP for IMS on z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
02 July 2018