PQ79937: CONNECTING A USER TO A GROUP FOR AN EJBROLE GIVES NO ADDITIONAL CREDENTIALS UNLESS WEBSPHERE FOR Z/OS SERVER IS RESTARTED.

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The customer defines an EJBROLE and permits a RACF group to it.
The customer then connects a user to the group, which should
permit the user to the EJBROLE. However, the user's subsequent
attempts to access services which require the permission to the
EJBROLE continue to fail. This persists until the WebSphere for
z/OS application server is stopped and restarted.
Local fix
A WLM Refresh operation will bring down the server regions and
restart them.  However, this can cause an outage which should
not be tolerated when the server is in production.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Connecting a user to a group for        *
*                      ejbrole access yields message BBOU0181E *
*                      with SAF RCs 8/8/0.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Adding a user to a group does not change active users ACEEs or
ENVR structures. WebSphere pools certain SAF identities for
reuse, and would not pick up the users new group connection
without recycling the server.
Problem conclusion
Enable SAF to manage these identities, and make sure WebSphere
does not pool them.

APAR PQ79937 is associated with SERVICE LEVEL W501002 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ79937
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-10-22
Closed date 2003-10-22
Last modified date 2003-11-02

APAR is sysrouted FROM one or more of the following:
PQ76235

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ81380    UP03/10/28 P F310

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ79937.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ79937
IBM Group: Software Group
Modified date: Nov 2, 2003