A fix is available
APAR status
Closed as new function.
Error description
RACF NICDEF Security Controls Support
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of the VMLAN class in RACF for z/VM; * * Users of RPIDIRCT * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** With the PTFs for APARs VM65925, VM65926 and VM65931, the NICDEF user directory statement is enhanced to provide a set of new operands referred to as Directory Network Authorization (DNA). With DNA, a system administrator can configure and consolidate a virtual NIC device and its network properties in a secure, centralized location - z/VM's User Directory. The PTF for this APAR VM65931 updates z/VM 6.4 RACF so that the RPIDIRCT utility can accommodate the new NICDEF statement keywords which influence network configuration. With the new RPIDIRCT utility, these new keywords are automatically translated into VMLAN security permissions as part of building a new RACF database. This new RPIDIRCT utility is backwards-compatible with older versions of z/VM. New keywords supported include: * VLAN -- creates VLAN-specific VMLAN profiles * PROMISCUOUS -- adds ACCESS(CONTROL) to the VMLAN profile Refer to SC24-6218-06, z/VM V6.4 RACF Security Server Security Administrator's Guide (Chapter 10, section 'Protecting Guest LANs and Virtual Switches') for more information. Refer to APAR VM65925 for more information about the new Directory Network Authorization functionality.
Problem conclusion
Temporary fix
Comments
RPIDIRCT is backwards-compatible with older releases of z/VM. Applying this PTF to a member of a Single System Image will not cause a functionality change when some or none of the member nodes have VM65925 applied.
APAR Information
APAR number
VM65931
Reported component name
RACF/VM SUPPORT
Reported component ID
576700201
Reported release
640
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2016-11-03
Closed date
2017-07-27
Last modified date
2017-11-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UV61339
Modules/Macros
RPIDIRCT
SC24621806 |
Fix information
Fixed component name
RACF/VM SUPPORT
Fixed component ID
576700201
Applicable component levels
R640 PSY UV61339
UP17/08/02 P 1701
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N","label":"APARs - VM\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27M","label":"APARs - z\/VM environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"640","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]
Document Information
Modified date:
24 November 2017