PQ62755: WEBSPHERE CUSTOMIZATION IS MISSING CREATE OF CBS390 RACF APPL ALONG WITH ASSOCIATED PERMITS | |||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||
APAR status Closed as fixed if next. Error description RLIST APPL CBS390 ALL will show you if this APPL is defined. If it is, it was most likely defined because there was a generic APPL profile which is set to UACC of NONE. You can see if there is a generic APPL profile with command RLIST APPL * ALL. The WebSphere groups require read access to CBS390. This APAR is to include this setup into the Customization Dialog job for the security setup, BBOWBRAC. . If CBS390 is not defined but there is a generic APPL profile with UACC of NONE, issue the following command to define it: . RDEFINE APPL CBS390 UACC(NONE) . Now that it is defined, or if it was already defined, issue the following permit (note the statement should be all on one line): . PERMIT CBS390 CLASS(APPL) ID(CBCLGP CBADMGP CBCTL1 CBSR1 CBASR1 CBASR2 CBIVPGP CBIVPGP2) ACCESS(READ) . Finally, refresh the class with this command: . SETROPTS CLASSACT(APPL) . The groups used in the PERMIT statement are the default groups. If they have been customized, the customized values should be substituted. This is the use of the groups: . CBCLGP - Default local and remote user ID System Management associates with servers CBADMGP - WebSphere administrators CBCTL1 - WebSphere runtime and application server control regions CBSR1 - WebSphere runtime server server regions CBASR1 - CORBA IVP server server region CBASR2 - J2EE IVP server server region CBIVPGP - CORBA IVP client CBIVPGP2 - J2EE IVP client . The symptoms of this problem are Bootstrap phase 1 fails for the Naming control region with message: BBOU0003E CB SERIES CONTROL REGION NAMING01 ENDED ABNORMALLY, REASON=C9C24089 indicating a user is not authorized. The following message also can be found in the WAS error log for the Naming server control region (BBONM): BBOU0096E initACEE (IRRSIA00) failed for MVS Userid: CBGUEST , with SAF Return Code=8, RACF Return Code=8, RACF Reason Code=32Local fix Manually issue the RDEFINE and/or PERMITs from the error description.Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: WebSphere V4.0.1 Bootstrap phase 1 * * fails for the Naming control region * * with message BBOU0003E. * **************************************************************** * RECOMMENDATION: * **************************************************************** WebSphere V4.0.1 Bootstrap phase 1 fails for the Naming control region with message: BBOU0003E CB SERIES CONTROL REGION NAMING01 ENDED ABNORMALLY, REASON=C9C24089 indicating a user is not authorized. The following message also can be found in the WAS error log for the Naming server control region (BBONM): BBOU0096E initACEE (IRRSIA00) failed for MVS Userid: CBGUEST , with SAF Return Code=8, RACF Return Code=8, RACF Reason Code=32 The failure reason code indicates that the user is not authorized via RACF. One reason for the error is that your installation has a generic APPL profile defined. You can use RLIST APPL CBS390 ALL to show you if this APPL is defined. It is most likely defined with a generic APPL profile set to UACC of NONE. You can see if there is a generic APPL profile with command RLIST APPL * ALL. The WebSphere groups require read access to CBS390. One solution to this APAR is to include this setup into the Customization Dialog job for the security setup, BBOWBRAC. If CBS390 is not defined but there is a generic APPL profile with UACC of NONE, issue the following command to define it: RDEFINE APPL CBS390 UACC(NONE) Now that it is defined, or if it was already defined, issue the following permit (note the statement should be all on one line): PERMIT CBS390 CLASS(APPL) ID(CBCLGP CBADMGP CBCTL1 CBSR1 CBASR1 CBASR2 CBIVPGP CBIVPGP2) ACCESS(READ) Then, refresh the class with this command: SETROPTS CLASSACT(APPL) The groups used in the PERMIT statement are the default groups. If they have been customized, the customized values should be substituted. This is the use of the groups: CBCLGP - Default local and remote user ID System Management associates with servers CBADMGP - WebSphere administrators CBCTL1 - WebSphere runtime and application server control regions CBSR1 - WebSphere runtime server server regions CBASR1 - CORBA IVP server server region CBASR2 - J2EE IVP server server region CBIVPGP - CORBA IVP client CBIVPGP2 - J2EE IVP client A solution to APAR PQ62755 will be provided in a future release. Until then, the following LOCAL FIX can be used to address the issue: Local Fix: Manually issue the RDEFINE and/or PERMITs as documented in the Problem Summary of APAR PQ62755.Problem conclusion Temporary fix Comments This APAR is being closed FIN with concurrence from the submitting customer. A solution to this problem will be delivered in a WebSphere Application Server for z/OS and OS/390 release within the next 18 months. A fix for the reported problem was provided in WebSphere for z/OS V5.0 PTF UQ77804.
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ62755
IBM Group: Software Group
Modified date: Sep 18, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.