IBM Support

PK78043: A USER IS ABLE TO LOG IN TO THE ADMINISTRATIVE CONSOLE, EVEN THOUGH IT IS NOT AUTHORIZED TO THE TRUSTEDAPPS PROFILE.


APAR status

  • Closed as program error.

Error description

  • When the TRUSTEDAPPS profile is defined in RACF and the user
    does not have at least READ permission to this profile, then this
    user should not be able to log in to the administrative console.
    However, the user is able to log in without any errors. It is not
    until the user saves changes that errors are manifested.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of WebSphere Application Server   *
    *                  V6.1.0 for z/OS that use SAF authorization. *
    ****************************************************************
    * PROBLEM DESCRIPTION: User that doesn't have READ access to the
    *                      TRUSTEDAPPS profile in SAF is allowed to
    *                      log in to the administrative console.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    A user who does not have READ permission to the TRUSTEDAPPS
    profile in the SAF database is able to log in to the
    administrative console.
    

Problem conclusion

  • A security custom property,
    security.zOS.enforceTrustedAppsCheck, was added with a default
    value of false. When this property is set to true, the
    TRUSTEDAPPS check will be enforced so that any user who does
    not have READ access to this profile will not be allowed to log in
    to the administrative console.
    
    APAR PK78043 requires changes to documentation.
    
    NOTE: Periodically, we refresh the documentation on our
    Web site, so the changes might have been made before you
    read this text. To access the latest on-line
    documentation, go to the product library page at:
    
    http://www.ibm.com/software/webservers/appserv/library
    
    Changes to the WebSphere Application Server Version 6.1
    Information Center will be made available in
    June, 2009.
    
    The following description of the new security custom
    property will be added to the topic "Security custom
    properties:"
    
    security.zOS.enforceTrustedAppsCheck
    
    This property is used to indicate whether BBO.TRUSTEDAPPS
    checks are enforced. When this property is set to true,
    BBO.TRUSTEDAPPS checks are enforced. This means that
    any user who does not have READ access to this SAF
    profile is not allowed to log in to the
    administrative console.
    
    APAR PK78043 is currently targeted for inclusion in Service
    Level (Fix Pack) 6.1.0.25 of WebSphere Application Server V6.1
    for z/OS.
    
    Please refer to URL:
    //www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack availability.
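
    An added example (not IBM's code) that audits a configuration document for the custom property described above. Because the property defaults to false, a configuration that never defines it leaves the TRUSTEDAPPS check unenforced. The XML layout (`properties` elements with `name` and `value` attributes), the helper names and the sample documents are simplified assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

PROP = "security.zOS.enforceTrustedAppsCheck"  # property name from the APAR text


def _doc(*values):
    """Build a constructed, simplified config document (not a real security.xml)."""
    props = "".join(f'<properties name="{PROP}" value="{v}"/>' for v in values)
    return ('<Security><properties name="other.property" value="true"/>'
            f"{props}</Security>")


def audit_trustedapps(xml_text):
    """Return 'enforced', 'not-enforced' or 'review' for one config document."""
    root = ET.fromstring(xml_text)
    # Match on the local tag name so a namespaced document is handled too.
    values = [
        el.get("value", "").strip()
        for el in root.iter()
        if el.tag.rsplit("}", 1)[-1] == "properties" and el.get("name") == PROP
    ]
    if not values:
        # Property never defined: the documented default of false applies.
        return "not-enforced"
    if len(set(values)) > 1:
        # Conflicting duplicate definitions; which one wins is not stated
        # on the page, so hand this to a person.
        return "review"
    if values[0] == "true":
        return "enforced"
    if values[0] == "false":
        return "not-enforced"
    # The page only names the values true and false; anything else
    # (for example "TRUE" or "yes") is flagged rather than guessed at.
    return "review"


if __name__ == "__main__":
    cases = {
        "property absent": _doc(),
        "explicit false": _doc("false"),
        "explicit true": _doc("true"),
        "unexpected spelling": _doc("TRUE"),
        "conflicting duplicates": _doc("true", "false"),
    }
    for label, doc in cases.items():
        print(f"{label:24} -> {audit_trustedapps(doc)}")
```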
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK78043

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-12-31

  • Closed date

    2009-03-31

  • Last modified date

    2009-07-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R610 PSY UK47214

       UP09/06/22 P F906

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information

Modified date:
29 December 2021