PQ76235: CONNECTING A USER TO A GROUP FOR AN EJBROLE GIVES NO ADDITIONAL CREDENTIALS UNLESS WEBSPHERE FOR Z/OS SERVER IS RESTARTED.

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The customer defines an EJBROLE and permits a RACF group to it.
The customer then connects a user to the group, which should
permit the user to the EJBROLE. However, the user's subsequent
attempts to access services which require the permission to the
EJBROLE continue to fail. This persists until the WebSphere for
z/OS application server is stopped and restarted.
Local fix
A WLM Refresh operation will bring down the server regions and
restart them.  However, this can cause an outage which should
not be tolerated when the server is in production.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 version 4.0.1 for z/OS and OS/390.           *
****************************************************************
* PROBLEM DESCRIPTION: Connecting a user to a group for        *
*                      ejbrole access yieldS message BBOU0181E *
*                      with SAF RCs 8/8/0.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Adding a user to a group does not change active users ACEEs or
ENVR structures. WebSphere pools certain SAF identities for
reuse, and would not pick up the users new group connection
without recycling the server.
Problem conclusion
Support has been modified to enable SAF to manage these
identities, and make sure WebSphere does not pool them.

APAR PQ76235 is associated with SERVICE LEVEL W401603 of
WebSphere Application Server version 4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ76235
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-07-10
Closed date 2003-10-09
Last modified date 2003-11-02

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UQ80970 PQ79937

Modules/Macros
BBOOOPIP BBOOOPIX BBOOORBP BBOOORBX BBOOOUTP BBOOPCCR
BBOORCTX BBOORDTA BBOOTTIP BBOOTTIX BBOROBML BBOROBMS
BBOROMDL BBOROOPI BBOROSMD BBORRMGR BBORTRCD BBOSSDB2
BBOSSEXT BBOSSITU BBOSSMET BBOSSRPW BBOSSRVA BBOUBINF
BBO3BEGC BBO3CTXP BBO3CTXX BBO3ENDC BBO3SWCH  

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ80970    UP03/10/14 P F310

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ76235
IBM Group: Software Group
Modified date: Nov 2, 2003