PQ68432: ADDITIONAL FUNCTION IN W401400 PRODUCES MESSAGES:ICH408I, BBOU0181E,BBOU0715E,BBOU0530E UNNECESSARILY FOR ISUSERINROLE.

 A fix may be available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Since upgrading to W401400, customer seeing message:
.
BBOU0181E RACAUTH of class, SOMDOBJS, failed with SAF Return
Code=00000008, RACF Return Code=00000008, RACF Reason
 Code=00000000..
.
BBOU0715E
MSG_BBOUENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED:
SAF Return Code (hex) : 8 The requested FASTAUTHCHECK function
failed and could not be performed for Role Name BEN4 and Class
Name changer.
.
BBOU0530E MSG_BBOUENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF
Return Code (hex): 8 (RACROUTE) - The user or group is not
authorized.
.
Also ICH message similar to:
ICH408I  USER(PBDC     ) GROUP(CICSLIVE) NAME(...)
   pchanger CL(EJBROLE )
   INSUFFICIENT ACCESS AUTHORITY
   ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
.
The behavior is expected but the customer was not seeing the
messages before.  So for every user that doesn't have access to
a role, the failed RACF & 3 BBOU* messages appear for every role
the user attempting to log in, does not have access to.  It is
resulting in hundreds of these messages.  They are getting
flooded with "failure" messages that they know are ok.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V4.0.1 for z/OS and OS/390                   *
****************************************************************
* PROBLEM DESCRIPTION: RACF/WebSphere messages ICH408I,        *
*                      BBOU0181E, BBOU0715E,BBOU0530E are      *
*                      unnecessarily being produced for        *
*                      isUserInRole calls.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Several RACF messages are being produced, along with auditing,
for all calls to isUserInRole. The isUserInRole interface is
used to check for role inclusion without documenting
non-inclusions. The RACF related messages should not be
generated for calls to isUserInRole. Customers could see
messages similar to the following:

BBOU0181E RACAUTH of class, SOMDOBJS, failed with SAF Return
Code=00000008, RACF Return Code=00000008, RACF Reason
Code=00000000..

BBOU0715E
MSG_BBOUENUS_SEC_REQUESTED_EJBROLES_CHECK_FUNCTION_FAILED:
SAF Return Code (hex) : 8 The requested FASTAUTHCHECK function
failed and could not be performed for Role Name BEN4 and Class
Name changer.

BBOU0530E MSG_BBOUENUS_SEC_USER_OR_GROUP_NOT_AUTHORIZED: RACF
Return Code (hex): 8 (RACROUTE) - The user or group is not
authorized.

Also ICH message similar to:
ICH408I  USER(PBDC     ) GROUP(CICSLIVE) NAME(...)
pchanger CL(EJBROLE )
INSUFFICIENT ACCESS AUTHORITY
Problem conclusion
WebSphere access messaging and auditing have been removed from
isUserInRole processing.

APAR PQ68432 is associated with SERVICE LEVEL W401500 of
WebSphere Application Server V4.0.1 for z/OS and OS/390.
Temporary fix Comments
APAR information
APAR number PQ68432
Reported component name WASKBASE
Reported component ID 5655A9801
Reported release 401
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-11-20
Closed date 2003-02-13
Last modified date 2003-03-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Fix information
Fixed component name WASKBASE
Fixed component ID 5655A9801

Applicable component levels
R401 PSY UQ74000    UP03/02/28 P F302

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 401
Software edition:
Reference #: PQ68432
IBM Group: Software Group
Modified date: Mar 5, 2003