PQ59488: MISSING RACF DEFINITIONS GENERATED

APAR status
Closed as fixed if next.

Error description
The RACF definitions generated by the ispf customization
dialogs for OPERCMDS are missing a permission for the
system management control region identity to start naming
and ir.  This is required during bootstrap processing.
The following failure is encountered:
 14.09.34 STC01345  START
BBONM.NAMING01,SRVNAME='NAMING01',PARMS='-ORBCBI COLD'
 14.09.34 STC01345  IEE345I START    AUTHORITY INVALID, FAILED B
SECURITY PRODUCT
 14.09.34 STC01345  ICH408I USER(SYSWSMC ) GROUP(CBCTL1  ) NAME(
SYSMGT CR       )
                      MVS.START.STC.BBONM.NAMING01 CL(OPERCMDS)
                      INSUFFICIENT ACCESS AUTHORITY
This is what is generated:
"PERMIT MVS.START.STC.**  CLASS(OPERCMDS)  ID(SYSWSDM SYSWSMS)
|| ,
"PDATE)"
"PERMIT MVS.STOP.STC.**  CLASS(OPERCMDS)  ID(SYSWSDM SYSWSMS)  A
|| ,
"DATE)"
"PERMIT MVS.MODIFY.STC.**  CLASS(OPERCMDS)  ID(SYSWSDM SYSWSMS)
|| ,
"UPDATE)"
"PERMIT MVS.CANCEL.STC.**  CLASS(OPERCMDS)  ID(SYSWSDM SYSWSMS)
|| ,
"UPDATE)"
"PERMIT MVS.FORCE.STC.**  CLASS(OPERCMDS)  ID(SYSWSDM SYSWSMS)
|| ,
"ONTROL)"
Local fix
Issue racf command to provide this authority.  A sample
follows:
"PERMIT MVS.START.STC.**  CLASS(OPERCMDS)  ID(<sm ctl ident>)
|| ,
"PDATE)"
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: If the authorization for Operator       *
*                      Commands (OPERCMDS) is set by the       *
*                      "WebSphere for z/OS Customization"      *
*                      Dialog, boostrap processing fails.      *
*                      The following failure is encountered:   *
*                      IEE345I START AUTHORITY INVALID,        *
*                        FAILED BY SECURITY PRODUCT            *
*                      ICH408I USER(XXXXXXX ) GROUP(CBCTL1  )  *
*                        NAME(SYSMGT CR       )                *
*                        MVS.START.STC.BBONM.NAMING01          *
*                        CL(OPERCMDS)                          *
*                        INSUFFICIENT ACCESS AUTHORITY         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The RACF definitions generated by the "WebSphere for z/OS
Customization" Dialog for OPERCMDS are missing a permission
for the system management control region identity to start the
naming and Interface Repository Servers.
Problem conclusion Temporary fix Comments
This APAR is being closed FIN with concurrence from the
submitting customer. A solution to this problem will be
delivered in a WebSphere Application Server for z/OS
and OS/390 release within the next 18 months.
APAR information
APAR number PQ59488
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED FIN
PE NoPE
HIPER NoHIPER
Submitted date 2002-03-27
Closed date 2002-04-30
Last modified date 2002-04-30

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Applicable component levels
R401 PSN    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ59488
IBM Group: Software Group
Modified date: Apr 30, 2002