PQ79022: WEBSPHERE CUSTOMIZATION IS MISSING CREATE OF CBS390 RACF APPL

APAR status

Closed as program error.

Error description

RLIST APPL CBS390 ALL will show you if this APPL is defined. If it is, it was most likely defined because there was a generic APPL profile which is set to a UACC of NONE. You can see whether there is a generic APPL profile with the command RLIST APPL * ALL.

The WebSphere groups require read access to CBS390. This APAR is to include this setup in the Customization Dialog job for the security setup, BBOWBRAC.

    PERMIT CBS390 CLASS(APPL) ID(CBCLGP CBADMGP CBCTL1 CBSR1 CBASR1 CBASR2 CBIVPGP CBIVPGP2) ACCESS(READ)

Finally, refresh the class with this command:

    SETROPTS CLASSACT(APPL)

The groups used in the PERMIT statement are the default groups. If they have been customized, the customized values should be substituted. This is the use of the groups:

    CBCLGP   - Default local and remote user ID System Management associates with servers
    CBADMGP  - WebSphere administrators
    CBCTL1   - WebSphere runtime and application server control regions
    CBSR1    - WebSphere runtime server server regions
    CBASR1   - CORBA IVP server server region
    CBASR2   - J2EE IVP server server region
    CBIVPGP  - CORBA IVP client
    CBIVPGP2 - J2EE IVP client

The symptom of this problem is that Bootstrap phase 1 fails for the Naming control region with the message:

    BBOU0003E CB SERIES CONTROL REGION NAMING01 ENDED ABNORMALLY, REASON=C9C24089

indicating that a user is not authorized. The following message can also be found in the WAS error log for the Naming server control region (BBONM):

    BBOU0096E initACEE (IRRSIA00) failed for MVS Userid: CBGUEST , with SAF Return Code=8, RACF Return Code=8, RACF Reason Code=32

Local fix

Manually issue the RDEFINE and/or PERMITs from the error description.

Problem summary

USERS AFFECTED: All users of WebSphere Application Server version 4.0.1 for z/OS and OS/390.

PROBLEM DESCRIPTION: The WebSphere Customization Dialog is missing the create of the CBS390 RACF APPL class profile.

RECOMMENDATION:

The WebSphere groups require access to the APPL class profile CBS390 if the APPL class is active. Starting the WebSphere servers will fail if a generic profile exists (e.g. *) that covers the CBS390 profile name, and if the WebSphere groups do not have READ permission.

Problem conclusion

The Customization Dialog is modified to generate, on request, these RACF commands:

    RDEFINE APPL CBS390 UACC(READ)
    PERMIT CBS390 CLASS(APPL) ID(xxx) ACC(READ)
    SETROPTS CLASSACT(APPL)

where xxx represents the set of WebSphere user groups.

The default is that these commands are not generated. The security panel has a new question:

    Use APPL profile to restrict access to WebSphere: Y/N

and an updated help panel. The help text for the security panel will read as follows:

    ...
    Use SSL client certificates
      With this option, both the server and client pass digital certificates to prove their identities to each other.
    Use APPL profile to restrict access to WebSphere
      Specify "Y" to use an APPL profile that restricts WebSphere for z/OS access. Creating such profiles is recommended if the APPL class is already activated in your installation or if you have a generic APPL profile that causes failure of users with a CBS390 profile.
    Test certificate authority label
    ...

APAR PQ79022 is associated with SERVICE LEVEL W401606 of WebSphere Application Server version 4.0.1 for z/OS and OS/390.

Temporary fix

Comments

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following: UQ82447

Modules/Macros

Document Information
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ79022
IBM Group: Software Group
Modified date: Jan 3, 2004
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.
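
The failure and fix described in the error description, as a simplified Python model added here (not IBM code and not RACF's actual algorithm). It assumes, following the APAR text, that an active APPL class restricts CBS390 only when a discrete or generic profile covers it; it models only NONE and READ, and the profile states are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Default WebSphere groups from the PERMIT statement in the APAR text.
WAS_GROUPS = ["CBCLGP", "CBADMGP", "CBCTL1", "CBSR1",
              "CBASR1", "CBASR2", "CBIVPGP", "CBIVPGP2"]

@dataclass
class Profile:
    name: str                                    # discrete name, or generic such as "*"
    uacc: str = "NONE"                           # model covers only NONE and READ
    permits: dict = field(default_factory=dict)  # group -> "READ" / "NONE"

def covering_profile(profiles, resource):
    """A discrete profile wins; otherwise a matching generic one applies."""
    for p in profiles:
        if p.name == resource:
            return p
    generics = [p for p in profiles
                if "*" in p.name and fnmatchcase(resource, p.name)]
    # Simplification: the longest pattern counts as the most specific.
    return max(generics, key=lambda p: len(p.name), default=None)

def has_read(profiles, group, resource="CBS390", class_active=True):
    """True if `group` passes the APPL check for `resource` in this model."""
    if not class_active:
        return True
    p = covering_profile(profiles, resource)
    if p is None:            # assumption: nothing covers CBS390, nothing is restricted
        return True
    return p.permits.get(group, p.uacc) == "READ"

def groups_lacking_read(profiles, groups=WAS_GROUPS):
    """Groups that would fail the check and need a PERMIT."""
    return [g for g in groups if not has_read(profiles, g)]

# Constructed profile states (not taken from a real RACF database).
NO_PROFILE = []
GENERIC_ONLY = [Profile("*", uacc="NONE")]               # the failing state
FIXED = GENERIC_ONLY + [Profile("CBS390", uacc="READ",   # RDEFINE, then PERMIT
                                permits={g: "READ" for g in WAS_GROUPS})]

if __name__ == "__main__":
    for label, state in [("no profile", NO_PROFILE),
                         ("generic * UACC(NONE)", GENERIC_ONLY),
                         ("after RDEFINE/PERMIT", FIXED)]:
        print(f"{label:22} lacking READ: {groups_lacking_read(state)}")
```

If the group names have been customized, pass the customized list as the `groups` argument.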