I've been asked off-list to elaborate on my post. Truth is I have nothing else
to contribute. Health check ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM is installed by the
APAR but not activated. Odd if you ask me. So I activated it just on our
sandbox sysplex. *Immediately* got this:
* High Severity Exception *
IGVH114E Use of user key common storage detected since
03/09/2018 16:08:05
Explanation: User key common storage usage attempts were made on this
system. Usage attempts can be obtaining user key CSA/ECSA storage,
creating user key SCOPE=COMMON data spaces or changing the key of
SQA/ESQA storage to a user key using CHANGKEY. Allowing programs to
use user key common creates a security risk because common storage
can then be modified by any unauthorized program.
System Action: The system continues processing.
Operator Response: Please report this problem to the system
programmer.
OK, System Programmer response: no idea what the problem is. We have run in
this sysplex for many years with
VSM ALLOWUSERKEYCSA(YES) /* AFOP abends B78-5C in z/OS 1.9 */
We moved from AFOP to System Automation many years ago, so that's not the
culprit. The health check comes with lots of advice on how to find the
offender, but at this moment, we have no idea who that is. As I posted, lots of
work in the offing.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
[email protected]
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Jesse 1 Robinson
Sent: Tuesday, April 03, 2018 3:09 PM
To: [email protected]
Subject: (External):Re: UA94606
Thanks for this heads up. We also installed OA53355 (for 2.1 RSU) recently. I
totally missed this hold item. The relevant health check
ZOSMIGV2R3_NEXT_VSM_USERKEYCOMM was not activated. After reading this post, I
turned it on. Ouch. We have some work to do.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
[email protected]
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of [email protected]
Sent: Tuesday, April 03, 2018 11:51 AM
To: [email protected]
Subject: (External):UA94606
IBM prepares for the removal of support for user key common areas
I was presented with this PTF on our recent z/OS 2.2 Maintenance upgrade.
.
UA94606
.
The allocating, obtaining, or changing common areas of virtual
storage, such that the storage is in user key
(8-15), will not be supported after z/OS V2R3.
In addition, setting the DIAGxx parmlib statement VSM ALLOWUSERKEYCSA to YES
will not be supported after z/OS V2R3. IBM strongly recommends specifying or
defaulting the ALLOWUSERKEYCSA statement to NO.
Paul V. D'Angelo
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
