PQ68432: ADDITIONAL FUNCTION IN W401400 PRODUCES MESSAGES:ICH408I, BBOU0181E,BBOU0715E,BBOU0530E UNNECESSARILY FOR ISUSERINROLE. | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Since upgrading to W401400, customer seeing message: . BBOU0181E RACAUTH of class, SOMDOBJS, failed with SAF Return Code=00000008, RACF Return Code=00000008, RACF Reason Code=00000000.. . BBOU0715E MSG_BBOUENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED: SAF Return Code (hex) : 8 The requested FASTAUTHCHECK function failed and could not be performed for Role Name BEN4 and Class Name changer. . BBOU0530E MSG_BBOUENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF Return Code (hex): 8 (RACROUTE) - The user or group is not authorized. . Also ICH message similar to: ICH408I USER(PBDC ) GROUP(CICSLIVE) NAME(...) pchanger CL(EJBROLE ) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(READ ) ACCESS ALLOWED(NONE ) . The behavior is expected but the customer was not seeing the messages before. So for every user that doesn't have access to a role, the failed RACF & 3 BBOU* messages appear for every role the user attempting to log in, does not have access to. It is resulting in hundreds of these messages. They are getting flooded with "failure" messages that they know are ok.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: RACF/WebSphere messages ICH408I, * * BBOU0181E, BBOU0715E,BBOU0530E are * * unnecessarily being produced for * * isUserInRole calls. * **************************************************************** * RECOMMENDATION: * **************************************************************** Several RACF messages are being produced, along with auditing, for all calls to isUserInRole. The isUserInRole interface is used to check for role inclusion without documenting non-inclusions. The RACF related messages should not be generated for calls to isUserInRole. Customers could see messages similar to the following: BBOU0181E RACAUTH of class, SOMDOBJS, failed with SAF Return Code=00000008, RACF Return Code=00000008, RACF Reason Code=00000000.. BBOU0715E MSG_BBOUENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED: SAF Return Code (hex) : 8 The requested FASTAUTHCHECK function failed and could not be performed for Role Name BEN4 and Class Name changer. BBOU0530E MSG_BBOUENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF Return Code (hex): 8 (RACROUTE) - The user or group is not authorized. Also ICH message similar to: ICH408I USER(PBDC ) GROUP(CICSLIVE) NAME(...) pchanger CL(EJBROLE ) INSUFFICIENT ACCESS AUTHORITYProblem conclusion WebSphere access messaging and auditing have been removed from isUserInRole processing. APAR PQ68432 is associated with SERVICE LEVEL W401500 of WebSphere Application Server V4.0.1 for z/OS and OS/390.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ68432
IBM Group: Software Group
Modified date: Mar 5, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.