PQ76875: THE PERMIT FOR CBS390 APPL NEEDS TO INCLUDE GROUP WSCLGP FOR ID WSGUEST OR APPLICATION CONTROLLER REGION FAILS WITH BBOS0003E | |||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||
APAR status Closed as fixed if next. Error description If you have a generic APPL profile which is set to UACC of NONE and you have answered "Y" for the "Authorize Servers to APPL profile" question in the V5 Customization Dialog Security Customization panel, the correct RACF commands are currently generated to define the CBS390 APPL and the permit for the WSCFG1 group and a refresh of the APPL: . RDEFINE APPL CBS390 UACC(NONE) PERMIT CBS390 CLASS(APPL) ID(WSCFG1) ACCESS(READ) SETROPTS CLASSACT(APPL) . Please be sure to do a REFRESH of the APPL to pick up the change . However the permit does not include and needs to include the permit for the WSCLGP group. The permit should be: PERMIT CBS390 CLASS(APPL) ID(WSCFG1 WSCLGP) ACCESS(READ) where WSCLGP is the group WSGUEST belongs to. Without this permit you will see the following error message in the controller region: BBOS0003E initACEE (IRRSIA00) failed for MVS Userid: WSGUEST , with APPLID: CBS390, with SAF Return Code=8, RACF Return Code=8, RACF Reason Code=32. followed by a C9C24089 minor code, CORBA::NO_PERMISSION exception from bbossecm.cpp and message: BBOS0021E MSG_BBOSENUS_SEC_UNAUTH_USER: RACF - User ID is not authorized during init_acee create and these messages are followed by: BBOO0003E WEBSPHERE FOR Z/OS CONTROL PROCESS BBOS001 ENDED ABNORMALLY, REASON=C9C24089.Local fix Manually permit the group for WSGUEST, WSCLGP, to the CBS390 with RACF command: PERMIT CBS390 CLASS(APPL) ID(WSCFG1 WSCLGP) ACCESS(READ) . Service level W500101 added a command to permit the WSGUEST (or equivalent) userid to CBS390 when the Customization Dialog option Authorize Servers to APPL profile is set to Y. .Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: The PERMIT for CBS390 APPL needs to * * include GROUP WSCLGP for ID WSGUEST or * * Application Control Region Fails with * * BBOS003E. * **************************************************************** * RECOMMENDATION: * **************************************************************** The default unauthenticated group name, WSCLGP, does not have READ access to the APPL Class. The BBOSBRAC module should be modified to include the unauthenticated group in the APPL Class.Problem conclusion Temporary fix Comments This APAR is being closed FIN with concurrence from the submitting customer. A solution to this problem will be delivered in a WebSphere Application Server for z/OS and OS/390 release within the next 18 months. Resolution of this APAR has been provided in PTF UQ81380.
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros Publications Referenced
|
Document Information |
Current web document: swg1PQ76875.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ76875
IBM Group: Software Group
Modified date: Dec 2, 2003
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.