IBM Z Software
This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
The RACF enhanced password support in CICS TS 5.3 partially addresses this RFE because the full RACROUTE request is executed on an open TCB and so will not support the RO TCB. This enhancement is also available on lower releases via the followingg apars:
PI21865 for CICS TS V4.2
PI21866 for CICS TS V5.1
PI21866 for CICS TS V5.2
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - Transaction Processing
Product - CICS Transaction Server
For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Transaction Processing
Product - CICS Transaction Server
Some days ago we had the same problem with an special RACF user, and the CICS of our bank was blocked more than 2 minutes by the message ICH302D.
Most of our transactions are started by the CICS Sockets listener CSKL (program EZACIC02 with a security exit that assign a different users to each task) and the listener was delayed until the operator response to message ICH302D.
Another problem was that the signon transaction CESN is continuously dispatched in the RO TCB, delaying others transaction that need this TCB (CICS uses the RO TCB not only for RACF calls, this TCB is used for Open/Close files, program loads, etc…)
CICS must permit multiple signon tasks in parallel using Open TCBs for example.
As documented in the ICH302I message, CICS single threads RACF requests, therefore to avoid this problem the only current solution is to avoid using userids with the special operation attribute on CICS regions.
ICH302D is designed to prevent attacks on userids with the special operations attribute, therefore is not something CICS can bypass directly. It will be necessary to multithread the RACF requests to avoid blocking other requests.
Multithreading RACF requests in CICS is not something we are looking at addressing in the short term, but is a candidate for inclusion in a future release.
It is good if CICS can continue processing with RACROUTE command from other programs while message ICH302D appeared for a user.