A fix is available
APAR status
Closed as new function.
Error description
This APAR will update QMF for TSO and CICS installation jobs to support installation into a Db2 using an external security control (like RACF.) Jobs will be modified to optionally bypass GRANT statements. The default view job will not reference SYSIBM.SYSTABAUTH.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: QMF for TSO/CICS V12.1 users installing * * into a Db2 for z/OS subsystem using * * external access control to Db2 (like RACF). * **************************************************************** * PROBLEM DESCRIPTION: QMF Administrators installing QMF * * into Db2 for z/OS subsystems using * * external security methods such as * * RACF, would like a way to eliminate * * the default GRANT statements issued * * by QMF during the default installation * * process. Additionally, users would * * like the default list views used * * for the LIST TABLES (OWNER=ALL) * * command to bypass usage of * * SYSIBM.SYSTABAUTH. * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
Temporary fix
Comments
Installation option exec, DSQ1DEFS found in QMF1210.SDSQEXCE(DSQ1DEFS), has been updated to add a new installation option EXTSEC. When the EXTSEC option is set to a value of "YESEXTSEC", the QMF installation process will bypass issuing GRANT statements. The following installation jobs have been updated to recognize EXTSEC: DSQ1BLNI, DSQ1BVW, DSQ1BPKG, DSQ1BINR, DSQ1STGJ, DSQ1EIVS and DSQ1EIVQ. Additionally, when EXTSEC option is set to "YESEXTSEC", installation job DSQ1BVW has been updated to define the default QMF list views without reference to SYSIBM.SYSTABAUTH. These views are used to list tables through the LIST TABLES or LIST ALL commands. The change impacts usage of these commands with the OWNER=ALL keyword. Note that when DSQ1BVW job is run with EXTSEC="YESEXTSEC", users issuing the LIST TABLES (OWNER=ALL) command will be presented with all tables found in SYSIBM.SYSTABLES. External security will still control access to tables. If this presents a security issue, users may wish to investigate the enhanced list views using installation job DSQ1BUDV or run DSQ1BVW with EXTSEC=" " (default mode). The default option for EXTSEC is set to a value of blank. When EXTSEC is set to blank, the QMF installation process will issue the necessary GRANT statements and the DSQ1BVW job will create the default list views with reference to SYSIBM.SYSTABAUTH.
APAR Information
APAR number
PH22984
Reported component name
QMF-QUERY MGMT
Reported component ID
566872101
Reported release
C10
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-03-05
Closed date
2020-03-10
Last modified date
2020-04-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI68305
Modules/Macros
DSQ0BCTV DSQ1BGDB DSQ1BLNO DSQ1BPKB DSQ1DEFS DSQ1ESTD DSQ1ESTQ DSQ1INST DSQ1STGC
Fix information
Fixed component name
QMF-QUERY MGMT
Fixed component ID
566872101
Applicable component levels
RC10 PSY UI68305
UP20/03/12 P F003
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCWRCK","label":"QMF for TSO\/CICS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.1.0","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
27 March 2020