PQ76875: THE PERMIT FOR CBS390 APPL NEEDS TO INCLUDE GROUP WSCLGP FOR ID WSGUEST OR APPLICATION CONTROLLER REGION FAILS WITH BBOS0003E

APAR status
Closed as fixed if next.

Error description
If you have a generic APPL profile which is set to UACC of NONE
and you have answered "Y" for the
"Authorize Servers to APPL profile" question in the V5
Customization Dialog Security Customization panel, the correct
RACF commands are currently generated to define the CBS390 APPL
and the permit for the WSCFG1 group and a refresh of the APPL:
.
RDEFINE APPL CBS390 UACC(NONE)
PERMIT CBS390 CLASS(APPL) ID(WSCFG1) ACCESS(READ)
SETROPTS CLASSACT(APPL)
.
Please be sure to do a REFRESH of the APPL to pick up the
change
.
However the permit does not include and needs to include the
permit for the WSCLGP group.  The permit should be:
PERMIT CBS390 CLASS(APPL) ID(WSCFG1 WSCLGP) ACCESS(READ)
where WSCLGP is the group WSGUEST belongs to.  Without this
permit you will see the following error message in the
controller region:
BBOS0003E initACEE (IRRSIA00) failed for MVS Userid: WSGUEST ,
   with APPLID: CBS390, with SAF Return Code=8,
   RACF Return Code=8, RACF Reason Code=32.
followed by a C9C24089 minor code, CORBA::NO_PERMISSION
exception from bbossecm.cpp and message:
BBOS0021E MSG_BBOSENUS_SEC_UNAUTH_USER: RACF - User ID is not
   authorized during init_acee create
and these messages are followed by:
BBOO0003E WEBSPHERE FOR Z/OS CONTROL PROCESS BBOS001 ENDED
   ABNORMALLY, REASON=C9C24089.
Local fix
Manually permit the group for WSGUEST, WSCLGP, to the CBS390
with RACF command:
PERMIT CBS390 CLASS(APPL) ID(WSCFG1 WSCLGP) ACCESS(READ)
.
Service level W500101 added a command to permit the
WSGUEST (or equivalent) userid to CBS390 when the
Customization Dialog option
Authorize Servers to APPL profile is set to Y.
.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: The PERMIT for CBS390 APPL needs to     *
*                      include GROUP WSCLGP for ID WSGUEST or  *
*                      Application Control Region Fails with   *
*                      BBOS003E.                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The default unauthenticated group name, WSCLGP, does not have
READ access to the APPL Class.

The BBOSBRAC module should be modified to include the
unauthenticated group in the APPL Class.
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.

Resolution of this APAR has been provided in
PTF UQ81380.
APAR information
APAR number PQ76875
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-07-29
Closed date 2003-10-20
Last modified date 2003-12-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information

Applicable component levels
R500 PSN    UP


Document Information


Current web document: swg1PQ76875.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ76875
IBM Group: Software Group
Modified date: Dec 2, 2003