PQ62755: WEBSPHERE CUSTOMIZATION IS MISSING CREATE OF CBS390 RACF APPL ALONG WITH ASSOCIATED PERMITS

APAR status
Closed as fixed if next.

Error description
RLIST APPL CBS390 ALL will show you if this APPL is defined.  If
it is, it was most likely defined because there was a generic
APPL profile which is set to UACC of NONE.  You can see if there
is a generic APPL profile with command RLIST APPL * ALL.  The
WebSphere groups require read access to CBS390.  This APAR is to
include this setup into the Customization Dialog job for the
security setup, BBOWBRAC.
.
If CBS390 is not defined but there is a generic APPL profile
with UACC of NONE, issue the following command to define it:
.
RDEFINE APPL CBS390 UACC(NONE)
.
Now that it is defined, or if it was already defined, issue
the following permit (note the statement should be all on one
line):
.
PERMIT CBS390 CLASS(APPL)
 ID(CBCLGP CBADMGP CBCTL1 CBSR1 CBASR1 CBASR2 CBIVPGP CBIVPGP2)
 ACCESS(READ)
.
Finally, refresh the class with this command:
.
SETROPTS CLASSACT(APPL)
.
The groups used in the PERMIT statement are the default groups.
If they have been customized, the customized values should be
substituted.  This is the use of the groups:
.
CBCLGP   - Default local and remote user ID System Management
             associates with servers
CBADMGP  - WebSphere administrators
CBCTL1   - WebSphere runtime and application server control
             regions
CBSR1    - WebSphere runtime server server regions
CBASR1   - CORBA IVP server server region
CBASR2   - J2EE IVP server server region
CBIVPGP  - CORBA IVP client
CBIVPGP2 - J2EE IVP client
.
The symptoms of this problem are Bootstrap phase 1 fails for
the Naming control region with message:
BBOU0003E CB SERIES CONTROL REGION NAMING01 ENDED ABNORMALLY,
REASON=C9C24089
indicating a user is not authorized.  The following message
also can be found in the WAS error log for the Naming server
control region (BBONM):
BBOU0096E initACEE (IRRSIA00) failed for MVS
Userid: CBGUEST , with SAF Return Code=8, RACF Return Code=8,
RACF Reason Code=32
Local fix
Manually issue the RDEFINE and/or PERMITs from the error
description.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere V4.0.1 Bootstrap phase 1      *
*                      fails for the Naming control region     *
*                      with message BBOU0003E.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
WebSphere V4.0.1 Bootstrap phase 1 fails for the Naming control
region with message:
  BBOU0003E CB SERIES CONTROL REGION NAMING01 ENDED ABNORMALLY,
  REASON=C9C24089
indicating a user is not authorized.  The following message
also can be found in the WAS error log for the Naming server
control region (BBONM):
  BBOU0096E initACEE (IRRSIA00) failed for MVS
  Userid: CBGUEST , with SAF Return Code=8, RACF Return Code=8,
  RACF Reason Code=32
The failure reason code indicates that the user is not
authorized via RACF.  One reason for the error is that your
installation has a generic APPL profile defined.  You can
use RLIST APPL CBS390 ALL to show you if this APPL is defined.
It is most likely defined with a generic APPL profile set to
UACC of NONE.  You can see if there is a generic APPL profile
with command RLIST APPL * ALL.  The WebSphere groups require
read access to CBS390. One solution to this APAR is to include
this setup into the Customization Dialog job for the security
setup, BBOWBRAC.

If CBS390 is not defined but there is a generic APPL profile
with UACC of NONE, issue the following command to define it:

  RDEFINE APPL CBS390 UACC(NONE)

Now that it is defined, or if it was already defined, issue
the following permit (note the statement should be all on one
line):

  PERMIT CBS390 CLASS(APPL)
  ID(CBCLGP CBADMGP CBCTL1 CBSR1 CBASR1 CBASR2 CBIVPGP CBIVPGP2)
  ACCESS(READ)

Then, refresh the class with this command:

  SETROPTS CLASSACT(APPL)

The groups used in the PERMIT statement are the default groups.
If they have been customized, the customized values should be
substituted.  This is the use of the groups:

 CBCLGP   - Default local and remote user ID System Management
  associates with servers
 CBADMGP  - WebSphere administrators
 CBCTL1   - WebSphere runtime and application server control
  regions
 CBSR1    - WebSphere runtime server server regions
 CBASR1   - CORBA IVP server server region
 CBASR2   - J2EE IVP server server region
 CBIVPGP  - CORBA IVP client
 CBIVPGP2 - J2EE IVP client

A solution to APAR PQ62755 will be provided in a future release.
Until then, the following LOCAL FIX can be used to address the
issue:

Local Fix:
Manually issue the RDEFINE and/or PERMITs as documented
in the Problem Summary of APAR PQ62755.
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.

A fix for the reported problem was provided
in WebSphere for z/OS V5.0 PTF UQ77804.
APAR information
APAR number PQ62755
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Submitted date 2002-06-28
Closed date 2003-06-17
Last modified date 2003-09-18

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels
R401 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ62755
IBM Group: Software Group
Modified date: Sep 18, 2003