Compliance Event Manager 5.0 1 CA RS 1710 Service List Service Description Type RO92481 CEM INITIAL GA MANTINENCE PTF RO92839 CEM R5.0 ACF2 UID SECURITY FIX FOR CEM.POLICY/REPORTS PTF RO93209 DATAMART NODE SELECTION IN CEM UI CAUSES LDP6514E PTF RO93239 CEME EVENTS LOST DURING TEMP SERVER STARTUP *HIP/PRP* RO93963 CEM TOMCAT UPGRADE PTF RO95496 STATUS COMMAND FAILURE PTF The CA RS 1710 service count for this release is 6
Compliance Event Manager 2 CA RS 1710 Service List for CCEM500 FMID Service Description Type CCEM500 RO92481 CEM INITIAL GA MANTINENCE PTF RO92839 CEM R5.0 ACF2 UID SECURITY FIX FOR CEM.POLICY/REPORTS PTF RO93209 DATAMART NODE SELECTION IN CEM UI CAUSES LDP6514E PTF RO93239 CEME EVENTS LOST DURING TEMP SERVER STARTUP *HIP/PRP* RO93963 CEM TOMCAT UPGRADE PTF RO95496 STATUS COMMAND FAILURE PTF The CA RS 1710 service count for this FMID is 6
Compliance Event Manager 5.0 3 CA RS 1710 - PTF RO92481 Service RO92481 RO92481 M.C.S. ENTRIES = ++PTF (RO92481) CEM INITIAL GA MANTINENCE ENHANCEMENT DESCRIPTION: This is a Day 0 PTF to be applied to a CEM 5.0 GA install that contains further enhancements to the new GUI. PRODUCT(S) AFFECTED: Related Problem: CEVM 30 Copyright (C) 2016 CA. All rights reserved. R00034-CEM050-SP1 DESC(CEM INITIAL GA MANTINENCE). ++VER (Z038) FMID (CCEM500) PRE ( RO89315 RO89752 RO90291 RO90546 RO91699 ) SUP ( TR92481 ) ++HOLD (RO92481) SYSTEM FMID(CCEM500) REASON (DYNACT ) DATE (16300) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply. Prior to tomcat restart. PURPOSE Impliment PTF into TOMCAT server USERS All Users. AFFECTED KNOWLEDGE SMP/E. REQUIRED Product Installation. Product Deployment. USS Commands. ACCESS Access to the USS directory where CEM is installed. REQUIRED Permissions to make changes on the USS directory. * STEPS TO PERFORM * After applying the apar A. If none of the installation, deployment, customization and configuration steps have been completed, no special action is needed. You can proceed with those steps. B. If an installation deployment was done: 1. You must deploy the updated libraries. Use your sites method run the maintenance deploy jobs supplied in the cemhwl.cemmlq. INSTALL.SAMPJCL library. Refer to the 'Deploy the Product' section in the Compliance Event Manager documentation. 2. All customized jobs, procedures, parameters and permissions were customized to use the data set qualifier values that were specified during customization. It is necessary to get the maintenance deployment library members into data sets with the same names as the installation deployment libraries. If you want to preserve the current libraries, you should rename them before renaming or copying the maintenance libraries to the deployment libraries. 3. The mounted OMVS data set must be unmounted so you can rename/ copy the new OMVS file. You can do this several ways but the easiest would be to use IDCAMS to rename the installation OMVS data set and rename the new one to the installation deployment name. This method will allow your existing
Service Compliance Event Manager 5.0 4 CA RS 1710 - PTF RO92481 mount commands to work in the future. 4. Mount the new OMVS file to the same mount point that was used before. This step must be completed prior to proceeding to the next step. C. If the customization and configuration steps were completed: 1. The following steps will delete and/or rename libraries that are being used by Compliance Event Manager tasks and cannot be done done while Compliance Event Manager tasks are active. You will need to shut down all CEM started tasks. 2. Copy CEMECFGX from the cemhlq.cemmlq.ccemoptv library into the cemehlq.cememlq.stage.cfglib library. 3. Run CEMCCONF from the cemehlq.cememlq.sampjcl library. This will delete and recreate all cemehlq.cememlq.custom.* libraries. If any manual changes were made in these libraries during installation, they should be saved prior to running CEMCCONF. 4. Rerun the J01160SP job. This job is required to copy configuration files into the new OMVS environment. *NOTE: This fix needs to be applied in combination with LDAP PTF RO92487 ). PARM(PATHMODE(0,7,7,5)) SHSCRIPT(CEMETOMS,POST). PARM(PATHMODE(0,7,7,5)).
Compliance Event Manager 5.0 5 CA RS 1710 - PTF RO92839 Service RO92839 RO92839 M.C.S. ENTRIES = ++PTF (RO92839) CEM R5.0 ACF2 UID SECURITY FIX FOR CEM.POLICY/REPORTS PROBLEM DESCRIPTION: ACF2 security jobs are missing the ACF2 masking characters that are necessary for CEM.POLICY.- and CEM.REPORTS.- permits. In addition, CEM.POLICY.- rules needed SERVICE(READ) added as SERVICE(UPDATE) does not natively include SERVICE(READ). Also adds in better eye-cathcers for the UIDMASK variables inside the CONFIG.DATA data set so that if default values are left for correction later, a more identifiable eye-catcher remains in the security jobs so a user can better tell which UIDMASK belongs on which permit. SYMPTOMS: If using the ACF2 permits for giving GUI users access to the various components of the UI, users will not have the access levels needed to perform the actions in the UI as they would expect. IMPACT: GUI users are unable to perform the duties in the UI that they would expect. CIRCUMVENTION: Manually give the GUI users the following permits: SET R(CEM) RECKEY CEM ADD($ROLESET) Ýif using role-based security RECKEY CEM ADD(POLICY.- ROLE/UID(XXXXXXX) SERVICE(READ,UPDATE) ALLOW) RECKEY CEM ADD(REPORTS.- ROLE/UID(XXXXXX) SERVICE(READ) ALLOW) F ACF2,REBUILD(CEM),CLASS(R) where for xxxxxx you supply the appropriate UIDMASK or ROLE. PRODUCT(S) AFFECTED: CA Compliance Event Manager Version 5.0 Related Problem: CEVM 31 Copyright (C) 2016 CA. All rights reserved. R00035-CEM050-SP1 DESC(CEM R5.0 ACF2 UID SECURITY FIX FOR CEM.POLICY/REPORTS). ++VER (Z038) FMID (CCEM500) PRE ( RO90291 RO90391 RO90546 RO91148 RO92373 ) SUP ( TR92839 ) ++HOLD (RO92839) SYSTEM FMID(CCEM500) REASON (DYNACT ) DATE (16305) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply PURPOSE To update the ACF2 security jobs for the installation so that GUI users get the appropriate permissions for the CEM.POLICY.- and CEM.REPORTS.- resources. Also to add better eye-catchers to the defaults for the UIDMASK variables so that if they are left as their defaults for later modification, they are more easily identifiable as to whom the permission is being given. USERS All Compliance Event Manager GUI users. AFFECTED KNOWLEDGE SMP/e. REQUIRED ACF2 administration.
Service Compliance Event Manager 5.0 6 CA RS 1710 - PTF RO92839 ACCESS Authority to apply fixes for the product. REQUIRED Authority to administer ACF2 permissions for manual steps (see Step D.1 below) * STEPS TO PERFORM * After applying the apar A. If none of the installation deployment, customization and configuration steps have been completed, no special action is needed. You can proceed with those steps. B. If an installation deployment was done: 1. You must deploy the updated libraries. Using your site's method, run the maintenance deploy jobs supplied in the cem_hlq.cem_mlq.install.sampjcl library. Refer to the "Deploy Product Maintenance" section in the Compliance Event Manager documentation for more details. 2. All customized jobs, procedures, parameters and permissions were customized to use the data set qualifier values that were specified during customization. It is necessary to get the maintenance deployment library members into data sets with the same names as the installation deployment libraries. If you want to preserve the current libraries, you should rename them before renaming or copying the maintenance libraries to the deployment libraries. 3. The mounted OMVS data set must be unmounted so you can rename/ copy the new OMVS file. You can do this several ways but the easiest would be to use IDCAMS to rename the installation OMVS data set and rename the new one to the installation deployment name. This method will allow your existing mount commands to work in the future. 4. Mount the new OMVS file to the same mount point that was used before. This step must be completed prior to proceeding to the next step. C. If the customization and configuration steps have not yet been completed: 1. Continue with the customization and configuration process as documented. D. If the customization and configuration steps were completed: 1. Issue the following ACF2 security commands for all GUI users so they now have the appropriate permissions: ÝACF2 Role-based SET R(CEM) RECKEY CEM ADD($ROLESET) RECKEY CEM ADD(POLICY.- ROLE(@CEME_GUIUSER_ROLE@) - SERVICE(READ,UPDATE) ALLOW) RECKEY CEM ADD(REPORTS.- ROLE(@CEME_GUIUSER_ROLE@) - SERVICE(READ) ALLOW) F ACF2,REBUILD(CEM),CLASS(R) --OR-- ÝACF2 UID-based SET R(CEM) RECKEY CEM ADD(POLICY.- UID(@CEME_GUIUSER_UIDMASK@) - SERVICE(READ,UPDATE) ALLOW) RECKEY CEM ADD(REPORTS.- ROLE(@CEME_GUIUSER_UIDMASK@) SERVICE(READ) ALLOW) F ACF2,REBUILD(CEM),CLASS(R) 2. Restart all started tasks for Compliance Event Manager. ).
Compliance Event Manager 5.0 7 CA RS 1710 - PTF RO93209 Service RO93209 RO93209 M.C.S. ENTRIES = ++PTF (RO93209) DATAMART NODE SELECTION IN CEM UI CAUSES LDP6514E PROBLEM DESCRIPTION: There is a default datamart node that appears on the login screen that when selected brings the user into a view of the GUI that connot administer policy. SYMPTOMS: Error message LDP6514E in every page for the GUI. IMPACT: Users cannot make use of the datamart node. CIRCUMVENTION: Selecting the default node for warehouse does all users to administer policy. PRODUCT(S) AFFECTED: CA Compliance Event Manager Version 5.0 CA Compliance Event Manager Version 6.0 Related Problem: CEVM 33 Copyright (C) 2016 CA. All rights reserved. R00036-CEM050-SP1 DESC(DATAMART NODE SELECTION IN CEM UI CAUSES LDP6514E). ++VER (Z038) FMID (CCEM500) PRE ( RO89315 RO89752 RO91699 RO92481 ) SUP ( TR93209 ) ++HOLD (RO93209) SYSTEM FMID(CCEM500) REASON (DYNACT ) DATE (16344) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply. Prior to tomcat restart. PURPOSE Impliment PTF into TOMCAT server USERS All Users. AFFECTED KNOWLEDGE SMP/E. REQUIRED Product Installation. Product Deployment. USS Commands. ACCESS Access to the USS directory where CEM is installed. REQUIRED Permissions to make changes on the USS directory. * STEPS TO PERFORM * After applying the APAR A. If none of the installation, deployment, customization and configuration steps have been completed, no special action is needed. You can proceed with those steps. B. If an installation deployment was done: 1. You must deploy the updated libraries. Use your sites method run the maintenance deploy jobs supplied in the cemhwl.cemmlq. INSTALL.SAMPJCL library. Refer to the 'Deploy the Product' section in the Compliance Event Manager documentation. 2. All customized jobs, procedures, parameters and permissions were customized to use the data set qualifier values that were specified during customization. It is necessary to get the maintenance deployment library members into data sets with the same names as the installation deployment libraries. If
Service Compliance Event Manager 5.0 8 CA RS 1710 - PTF RO93209 you want to preserve the current libraries, you should rename them before renaming or copying the maintenance libraries to the deployment libraries. 3. The mounted OMVS data set must be unmounted so you can rename/ copy the new OMVS file. You can do this several ways but the easiest would be to use IDCAMS to rename the installation OMVS data set and rename the new one to the installation deployment name. This method will allow your existing mount commands to work in the future. 4. Mount the new OMVS file to the same mount point that was used before. This step must be completed prior to proceeding to the next step. C. If the customization and configuration steps were completed: 1. The following steps will delete and/or rename libraries that are being used by Compliance Event Manager tasks and cannot be done done while Compliance Event Manager tasks are active. You will need to shut down all CEM started tasks. 2. Copy CEMECFGX from the cemhlq.cemmlq.ccemoptv library into the cemehlq.cememlq.stage.cfglib library. 3. Run CEMCCONF from the cemehlq.cememlq.sampjcl library. This will delete and recreate all cemehlq.cememlq.custom.* libraries. If any manual changes were made in these libraries during installation, they should be saved prior to running CEMCCONF. 4. Rerun the J01160SP job. In your ceme_hlq.ceme_mlq.custom.joblib library. This job is required to copy configuration files into the new OMVS environment. NOTE: CC=256 is expected and allowed. 5. Delete the login.json and cemui.json files located in the CEM hfs directory: <CEM HOME>/tomcat/conf This will cause the GUI to rerun the generation process for both files and remove the datamart node. Any GUI application settings changed will be reset to their defaults. 6. On logon, the files will be regenerated and the datamart node will no longer be present. ). PARM(PATHMODE(0,7,7,5)).
Compliance Event Manager 5.0 9 CA RS 1710 - PTF RO93239 Service RO93239 RO93239 M.C.S. ENTRIES = ++PTF (RO93239) CEME EVENTS LOST DURING TEMP SERVER STARTUP PROBLEM DESCRIPTION: The temporary listener servers allocated by the various CMGR listener tasks do not post their availability immediately when they are available. As such, an erroneous 5-minute wait is taken until the availability is posted, during which time events are lost. SYMPTOMS: Events user is expecting to be captured by their policy are lost and will not be written to the corresponding listener for processing. Can be indicated by rising Lost-Event counts in the components' STATUS outputs. IMPACT: Product will continue to function, but events are lost during the timeframe where the temporary servers are causing the wait state. CIRCUMVENTION: Modify listener task parameters so that no temporary servers are used by setting PERMSERVER and MAXSERVER to the same value. PRODUCT(S) AFFECTED: CA Compliance Event Manager Version 5.0 CA Compliance Event Manager Version 6.0 Related Problem: CEVM 34 Copyright (C) 2017 CA. All rights reserved. R00037-CEM050-SP1 DESC(CEME EVENTS LOST DURING TEMP SERVER STARTUP). ++VER (Z038) FMID (CCEM500) SUP ( AC93747 TR93239 ) ++HOLD (RO93239) SYSTEM FMID(CCEM500) REASON (DYNACT ) DATE (17003) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply PURPOSE Fix addresses issue where CA Compliance Event Manager Listener task servers do not post their availability immediately as they are available, causing the task to erroneously enter a 5-minute wait state during which events can be lost. USERS All CA Compliance Event Manager users. AFFECTED KNOWLEDGE SMP/e REQUIRED SysProg ACCESS Applying CA Compliance Event Manager maintenance. REQUIRED Stopping/restarting CA Compliance Event Manager tasks. * STEPS TO PERFORM * 1. After applying fix, issue LLA REFRESH (if applicable) 2. Stop all running CA Compliance Event Manager Listener tasks: A. Alerts (CEMALERT by default) B. Logger (CEMLOGGR by default) C. Monitor (CEMMON by default) D. Warehouse (CEMWHSE by default)
Service Compliance Event Manager 5.0 10 CA RS 1710 - PTF RO93239 3. Restart all necessary CA Compliance Event Manager Listener tasks. ).
Compliance Event Manager 5.0 11 CA RS 1710 - PTF RO93963 Service RO93963 RO93963 M.C.S. ENTRIES = ++PTF (RO93963) CEM TOMCAT UPGRADE ENHANCEMENT DESCRIPTION: ON ACCESS This enhancement upgrades the current working version of Apache Tomcat shipped with CEM PRODUCT(S) AFFECTED: CA Compliance Event Manager Version 5.0 CA Compliance Event Manager Version 6.0 Related Problem: CEVM 41 Copyright (C) 2017 CA. All rights reserved. R00042-CEM050-SP1 DESC(CEM TOMCAT UPGRADE). ++VER (Z038) FMID (CCEM500) PRE ( RO89315 RO89733 RO89752 RO91699 ) SUP ( TR93963 ) ++HOLD (RO93963) SYSTEM FMID(CCEM500) REASON (DYNACT ) DATE (17023) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply. Prior to tomcat restart PURPOSE Implement PTF into TOMCAT Server and update backend components. USERS All Users. AFFECTED KNOWLEDGE SMP/E. REQUIRED Product Installation. Product Deployment. USS Commands. ACCESS Access to the USS directory where CEM is installed. REQUIRED Permissions to make changes on the USS directory. * STEPS TO PERFORM * After applying the apar A. If none of the installation, deployment, customization and configuration steps have been completed, no special action is needed. You can proceed with those steps. B. If an installation deployment was done: 1. You must deploy the updated libraries. Use your sites method run the maintenance deploy jobs supplied in the cemhwl.cemmlq. INSTALL.SAMPJCL library. Refer to the 'Deploy the Product' section in the Compliance Event Manager documentation. 2. All customized jobs, procedures, parameters and permissions were customized to use the data set qualifier values that were specified during customization. It is necessary to get the maintenance deployment library members into data sets with the same names as the installation deployment libraries. If you want to preserve the current libraries, you should rename them before renaming or copying the maintenance libraries to the deployment libraries. 3. The mounted OMVS data set must be unmounted so you can rename/ copy the new OMVS file. You can do this several ways but the easiest would be to use IDCAMS to rename the installation
Service Compliance Event Manager 5.0 12 CA RS 1710 - PTF RO93963 OMVS data set and rename the new one to the installation deployment name. This method will allow your existing 4. Mount the new OMVS file to the same mount point that was used before. C. Restart tomcat. ). PARM(PATHMODE(0,7,7,5)) SHSCRIPT(CEMETOMS,POST).
Compliance Event Manager 5.0 13 CA RS 1710 - PTF RO95496 Service RO95496 RO95496 M.C.S. ENTRIES = ++PTF (RO95496) STATUS COMMAND FAILURE PROBLEM DESCRIPTION: Issuing a STATUS command for a listener can result in a failure message and termination of the STATUS command. The task continues to process events and no abends occur. SYMPTOMS: The following message is seen after issuing the STATUS command: CEM0240I CEM Listener STATUS Failure IMPACT: The Listener continues to process events but the policy information is not displayed in the STATUS command after the error occurs. CIRCUMVENTION: The error occurs when the list of events for a single policy statement is too long for STATUS processing. Splitting the events over multiple policy statements will allow the STATUS command to complete sucessfully. PRODUCT(S) AFFECTED: CA Compliance Event Manager Version 5.0 CA Compliance Event Manager Version 6.0 Related Problem: CEVM 48 Copyright (C) 2017 CA. All rights reserved. R00046-CEM050-SP1 DESC(STATUS COMMAND FAILURE). ++VER (Z038) FMID (CCEM500) SUP ( TR95496 ) ++HOLD (RO95496) SYSTEM FMID(CCEM500) REASON (ACTION ) DATE (17097) COMMENT ( +----------------------------------------------------------------------+ CA Compliance Event Manager Version 5.0 SEQUENCE After Apply Restart any listeners that are running. PURPOSE Correct the failure error when doing the status command for a listener. Display all the information correctly. USERS Users running the status command for the listeners. AFFECTED KNOWLEDGE SMP/E REQUIRED ACCESS SMP/e and z/os Systems REQUIRED * STEPS TO PERFORM * Restart any listeners that are running. ).
Compliance Event Manager 5.0 14 CA RS 1710 Product/Component Listing Product Family Product Release UNKNOWN CA COMPLIANCE EVENT MANAGER 05.00.00 The CA RS 1710 Product/Component Count for this release is 1
Compliance Event Manager 5.0 15 All CA RS Levels Service List CA RS Level Service FMID CAR1710 RO95496 CCEM500 RO93963 RO93239 RO93209 RO92839 CCEM500 CCEM500 CCEM500 CCEM500 RO92481 CCEM500