PQ96045: EXTENSIVE NUMBER OF AUDIT SMF RECORDS AS WELL AS A LARGE NUMBER OF VIOLATIONS REPORTED IF CA SECURITY PRODUCT USED.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
A large number of IsUserInRole() violations are reported in SMF
records as well as CA Security product (not RACF).

CA report shows:
04236 09:26:59.06 STC08623 00000090  TSS7250W 136 J=BBOS001S
  A=USERA TYPE=EJBROLE  RESOURCE=W5T.ADMINISTRATOR
04236 09:27:02.25 STC08623 00000090  TSS7250W 136 J=BBOS001S
  A=USERA TYPE=EJBROLE  RESOURCE=W5T.MONITOR

Note: This apar will fix the problem with SMF recording.  For
the complete fix for CA product, you'll need CA fix.  The temp
fix number is BEA6729 for Top Secret V5.2.  Contact CA support
for the formal fix number for specific level.
Local fix
ignore the messages - these are not errors.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: A large number of IsUserInRole()        *
*                      violations are reported in SMF audit    *
*                      records.                                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Currently any programmatic or declarative failure to
IsUserInRole creates/writes a SMF audit record because we call
the routine RACROUTE REQUEST=FASTAUTH with the option LOG=ASIS
The SMF records should not be recorded for programmatic calls.
Problem conclusion
Made sure that the option LOG=NOFAIL is passed into the
RACROUTE REQUEST=FASTAUTH for any programmatic call to
IsUserInRole. The LOG=NOFAIL option will prevent the SMF record
from being recorded.

APAR PQ96045 is associated with SERVICE LEVEL W502018 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ96045
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-10-20
Closed date 2004-11-12
Last modified date 2004-12-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ96047

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ95030    UP04/11/18 P F411

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ96045.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ96045
IBM Group: Software Group
Modified date: Dec 2, 2004