APAR status
Closed as program error.
Error description
Running WebSphere Application Server zOS, If a user/userid
defined as EJBROLE 'configurator' fails to deploy an
Application on the server.
Exceptions in the Deployment Manager servant region,
Trace: 2006/11/11 11:19:45.208 01 t=BC97B8 c=UNK key=S2 (1300700
ThreadId: 00000036
FunctionName: com.ibm.ws.security.role.RoleBasedAuthorizerImpl
SourceId: com.ibm.ws.security.role.RoleBasedAuthorizerImpl
Category: FINEST
ExtendedMessage: SECJ0321E: Role based authorization is caller
in role failed for security name: tms accessID: user:ABCD/xyz
and role name: administrator
Trace: 2006/11/11 11:19:45.225 01 t=BC97B8 c=UNK key=S2 (1300700
ThreadId: 00000036
FunctionName: com.ibm.ws.management.repository.FileRepository
SourceId: com.ibm.ws.management.repository.FileRepository
Category: AUDIT
ExtendedMessage: BBOO0222I: ADMR0021E: User ABCD/xyz does not
have the required role for accessing a restricted document cells
/I1/applications/xyz.ear/deployments/xyz/xyz.war/WEB-INF/
applicationContext-security.xml.
-
This problem can be seen on these OS platforms:
AIX,HP-UX,i5/OS,Linux,Linux pSeries,Linux Red Hat -
pSeries,Linux zSeries,OS/400,Solaris,Windows
Local fix
Grant the user/userid as EJBROLE administrator.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server *
* V6.0.1 for z/OS *
****************************************************************
* PROBLEM DESCRIPTION: Permitting the RACF/SAF class EJBROLE *
* with the configurator role to a user, *
* was failing when the deployed *
* application had a file name that *
* ended with security.xml. The message *
* received is ADMR0021E: User ESS0/tms *
* does not have the required role for *
* accessing a restricted document *
* cells/I1/applications/EDKV21-I.ear/ *
* deployments/EDKV21-I/EdwfWeb.war/ *
* WEB-INF/applicationContext-security.xml *
****************************************************************
* RECOMMENDATION: *
****************************************************************
The RestrictedAccess class is indicating that a file
is restricted if the name ends with security.xml.
Problem conclusion
The RestrictedAccess class was changed to look for the
delimeter of foward slash (/), prior to the security.xml name,
before indicating that a file is restricted. Therefore the
search is now for the name /security.xml.
APAR PK36625 is currently targeted for inclusion in Service
Level (Fix Pack) 6.0.2.19 of WebSphere Application Server V6.0.1
for z/OS.
Temporary fix Comments
APAR information |
APAR number |
PK36625 |
Reported component name |
WEBSPHERE FOR Z |
Reported component ID |
5655I3500 |
Reported release |
601 |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2006-12-26 |
Closed date |
2007-03-27 |
Last modified date |
2007-06-05 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PK44887
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WEBSPHERE FOR Z |
Fixed component ID |
5655I3500 |
Applicable component levels |
R500 PSN |
UP |
R601 PSY UK24272 |
UP07/05/02 P F705 |
R610 PSN |
UP |
Fix is available |
Select the PTF appropriate for your component level. You will be
required to sign in. Distribution on physical media is not available in
all countries. |
|