PQ73046: WEBSPHERE FOR Z/OS DOES NOT PROPERLY SUPPORT THE USE OF RACF CLASS GEJBROLE.

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Userid TESTID has been permitted access to a RACF profile set
up as follows:
RDEFINE EJBROLE  ARCHITECT   UACC(NONE)
RDEFINE EJBROLE  SPECIALIST  UACC(NONE)
RDEFINE GEJBROLE Supervisors UACC(NONE) OWNER(OWNERID) +
            ADDMEM(ARCHITECT,SPECIALIST) APPLDATA('CICSUSER')
PERMIT Supervisors CLASS(GEJBROLE) ID(OWNERID,TESTID)
            ACCESS(READ)
An EJB has methods defined with RUNAS(ROLE) and the ROLE is
ARCHITECT. The APPLDATA associated with role Supervisors is the
ID authorized to connect to CICS. When one of these EJB methods
is invoked to attempt to connect to CICS, the connect fails
because the EJB container is unable to EXTRACT the APPLDATA
from the GEJBROLE profile. The EJB container seems to look for
Local fix
APPLDATA only in class EJBROLE. If an EJBROLE of ARCHITECT is
defined as follows:
    RDEFINE EJBROLE ARCHITECT UACC(NONE) APPLDATA('CICSUSER')
    PERMIT  ARCHITECT CLASS(EJBROLE) ID(TESTID,OWNERID)
            ACCESS(READ)
then the methods running as role ARCHITECT now successfully
connect.
The lookup of APPLDATA should return CICSUSER if it is present
on either the GEJBROLE Supervisors or EJBROLE ARCHITECT.
APPLDATA only in class EJBROLE. If an EJBROLE of ARCHITECT is
APPLDATA only in class EJBROLE. If an EJBROLE of ARCHITECT is
Put APPLDATA on the EJBROLEs instead of on the GEJBROLEs.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: If EJBROLE mapping to a SAF userid is   *
*                      done using GEJBROLE profiles, the SAF   *
*                      userid in the APPLDATA for the GEJBROLE *
*                      is not found.                           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The RACROUTE REQUEST=EXTRACT call in BBOSSITU.PLX, which obtains
the APPLDATA for the requested EJBROLE, does not use options
MATCHGN=YES and BRANCH=YES, which are needed if the extract
search is to include GEJBROLE profiles. As a result, only
EJBROLE profiles are searched.
Problem conclusion
The RACROUTE REQUEST=EXTRACT call in BBOSSITU.PLX was updated to
include MATCHGN=YES and BRANCH=YES.

APAR PQ73046 is associated with SERVICE LEVEL W401505 of
WebSphere Application Server V4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ73046
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-04-09
Closed date 2003-05-14
Last modified date 2003-06-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ76901    UP03/05/19 P F305

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ73046
IBM Group: Software Group
Modified date: Jun 5, 2003