PQ65688: ICH408I SHOULD NOT BE ISSUED AS A RESULT OF A CONTROL CHECK ON A SESSION 'OWNER'. | |||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description SSL is not used in anyway yet we are seeing security violations indicating that the Web Server userid needs CONTROL access to CBIND resource CB.BIND.<servername> This resource currently has a UACC of READ as outlined in the install process. We do not want to give the WEB server CONTROL access when it should only need READ. But the following is generated when an application server is first started: ICH408I USER(xxxxxx ) GROUP(IMWEB ) NAME(IBM HTTP SERVER STC CB.BIND.PS9ASR1 CL(CBIND ) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(CONTROL) ACCESS ALLOWED(READ ) where xxxxxx is the user id of a web server and and PS9ASR1 is the name of the WAS app server control region. In this situation CONTROL access is not required and therefore no warning message should be issued when access less than CONTROL is used.Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V4.0.1 for z/OS and OS/390 * **************************************************************** * PROBLEM DESCRIPTION: ICH408I should not be issued as a * * result of a control check. * **************************************************************** * RECOMMENDATION: * **************************************************************** Local security checks CONTROL access for the owner of the client side address space. If a authorization check failure occurs a ICH408I message is issued that should not be.Problem conclusion The ICH408I message will be suppressed for the CONTROL check of the session owner, and the local authorization checks will exactly mimic the remote checks. APAR PQ65688 is associated with SERVICE LEVEL W401402 of WebSphere Application Server V4.0.1 for z/OS and OS/390.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ65688
IBM Group: Software Group
Modified date: Nov 3, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.