IBM® Tivoli® Security Policy Manager, Fix Pack 7.0.0-TIV-ITSPM-FP0002.pak README


Abstract

Readme documentation for IBM® Tivoli® Security Policy Manager Version 7.0.0 Fix Pack 2 including installation-related instructions, prerequisites and co-requisites, and list of fixes.

Readme file for: IBM® Tivoli® Security Policy Manager
Product/Component Release: 7.0.0
Update Name: Fix Pack 2
Fix ID: 7.0.0-TIV-ITSPM-FP0002
Publication date: 31 March 2009
Last modified date: 31 March 2009


Contents

Download location
Prerequisites and co-requisites
Known issues

Installation information:
  Prior to installation
  Installing
  Performing the necessary tasks after installation
  Uninstalling if necessary

List of fixes
Copyright and trademark information
Document change history

Download location

The fix pack is available by FTP from the following location:
    ftp://ftp.software.ibm.com/software/tivoli_support/patches/patches_7.0.0/7.0.0-TIV-ITSPM-FP00002/

The fix pack can also be downloaded from the IBM Support site:

  1. Go to the IBM Tivoli Security Policy Manager Support Web site.
  2. Click Download. Specify the fix pack id 7.0.0-TIV-ITSPM-FP0002 in the search field.


Known Issues

The WebSphere Update Installer 7.0.0.1 has a known problem on Unix systems which incorrectly sets permissions on newly distributed files, allowing write access to any user. To prevent problems after the installation of the fix pack, change directory to the product installation directory and execute the following command:

for i in `find . -perm -777 ! -type l` ; do
chmod 766 $i
done
This will locate all the files with the incorrect permissions and fix them. For more information refer to WebSphere APAR PK77590.

Prerequisites and co-requisites

  You must have the following software installed in order to install this fix pack:
Installation information:

  Prior to installation   

  Be aware of the following considerations before installing this fix pack:

  Installation path specification for the Windows Server 2008 platform
This preinstallation item applies only to installations on a 64-bit Windows platform like Windows Server 2008.

Because Tivoli Security Policy Manager is a 32-bit application its default path when installing on Windows Server 2008 changes from

C:\Program Files\IBM\TSPM

to:

C:\Program Files (x86)\IBM\TSPM

Note that this change to the installation path name also affects a 32-bit WebSphere Application Server on Windows Server 2008:

C:\Program Files\IBM\WebSphere

changes to:

C:\Program Files (x86)\IBM\WebSphere


  Update Installer
This fixpack requires the use of the WebSphere Update Installer version 7.0.0.1. Ensure that you have installed the correct version of the WebSphere Update Installer on each computer where you will install the fix pack. You can download the WebSphere Update Installer version 7.0.0.1 from the WebSphere Application Server Update Installer Web site. Installation instructions are on the download page.

  Fix pack packaging
This Tivoli Security Policy Manager 7.0.0.2 patch is provided on the Tivoli Support Web site as a single downloadable .pak file. Download the file to a location accessible by the WebSphere Update Installer. Typically the default WebSphere Update Installer directory is either

C:\Program Files\IBM\WebSphere\UpdateInstaller\maintenance

for Windows or

/opt/IBM/WebSphere/UpdateInstaller/maintenance

for Unix/Linux.

  Automatic creation of a backup directory
The Update Installer saves backup copies of the files that it replaces during the installation. You do not need to manually backup the Tivoli Security Policy Manager files.
  Installing
  1. Copy the file you downloaded from the Download Location, preferably into the default WebSphere Update Installer's maintenance directory,
    C:\Program Files\IBM\WebSphere\UpdateInstaller\maintenance

    for Windows or

    /opt/IBM/WebSphere/UpdateInstaller/maintenance

    for Unix/Linux.

  2. Ensure that the WebSphere Application Server that hosts Tivoli Security Policy Manager is running.
  3. Edit the file <TSPM_INSTALL_DIRECTORY>/uninstall/installvariables.properties and set the value for WAS_TRUSTSTORE_PW. Specify the password that was set when Tivoli Security Policy Manager was initially installed. (Typically <TSPM_INSTALL_DIRECTORY> would be C:\Program Files\IBM\TSPM on Windows systems, or /opt/IBM/TSPM on UNIX-based systems). This password value is removed from the file when the WebSphere Update Installer exits.
  4. Edit the file <TSPM_INSTALL_DIRECTORY>/uninstall/installvariables.properties and set the value for WAS_ADMIN_PW. This password value is removed from the file when the WebSphere Update Installer exits.
  5. Start the WebSphere Update Installer (typically located in C:\Program Files\IBM\WebSphere\UpdateInstaller on Windows systems, or in /opt/IBM/WebSphere/UpdateInstaller on UNIX-based systems).
  6. In the Welcome window click Next. Tivoli Security Policy Manager will not be listed, but is supported.
  7. Specify the path to the <TSPM_INSTALL_DIRECTORY> for Tivoli Security Policy Manager, then click Next.
  8. Select Install maintenance in the dialog.
  9. Specify the path where the fix pack (.pak) file was copied. The Update Installer automatically detects, enables, and displays the Tivoli Security Policy Manager fixes (pak files).
  10. Select the fixpack to install, then click Next.

    Note: The WebSphere Update Installer allows you to select more than one pak file at a time for installation. Select only the pak files that correspond to the components that are installed on the system you are updating. If you accidentally install more pak files than are needed, you can separately uninstall any fix packs for components that are not installed on the target system.


  Performing the necessary tasks after installation
    After installing the fixpack, restart the WebSphere Application Server.

  Uninstalling if necessary

    If you want to return your installation to the state it was in prior to installing the fix pack, you can uninstall the fix pack.

  1. Ensure that the WebSphere Application Server that hosts the Tivoli Security Policy Manager console and management service is running.
  2. Edit the file <TSPM_INSTALL_DIRECTORY>/uninstall/installvariables.properties and set the value for WAS_TRUSTSTORE_PW. Specify the password that was set when Tivoli Security Policy Manager was initially installed. (Typically <TSPM_INSTALL_DIRECTORY> would be C:\Program Files\IBM\TSPM on Windows systems, or /opt/IBM/TSPM on UNIX-based systems). This password value is removed from the file when the WebSphere Update Installer exits.
  3. Edit the file <TSPM_INSTALL_DIRECTORY>/uninstall/installvariables.properties and set the value for WAS_ADMIN_PW. This password value is removed from the file when the WebSphere Update Installer exits.
  4. Start the WebSphere Update Installer (typically located in C:\Program Files\IBM\WebSphere\UpdateInstaller on Windows systems, or in the equivalent directory on UNIX-based systems)
  5. In the Welcome window click Next. Tivoli Security Policy Manager will not be listed but is supported.
  6. Specify the path to the <TSPM_INSTALL_DIRECTORY> for Tivoli Security Policy Manager, then click Next.
  7. Select Uninstall maintenance in the dialog.
  8. The Update Installer will automatically remove the fix pack and restore the previously installed version of Tivoli Security Policy Manager.


List of fixes

Fixes included in IBM® Tivoli® Security Policy Manager Version 7.0.0 Fix Pack 2:

APAR No.Sev.Abstract
APAR IZ44242 3 TSPM EFFECTIVE POLICY CONTAINS NULL
APAR IZ44243 3 POLICY OP PERMISSIONS NOT SERVICE RESTRICTED
APAR IZ44244 3 AUDIT RECORD REGISTRY_IMPORT_SERVICE_WITH_CLASSIFICATIONS
APAR IZ44247 3 UNABLE TO MODIFY KEYSTORE PASSWORD IN CONFIGURATION FILE COM.IB
APAR IZ44248 3 REGISTRATION ERRORS NOT REPORTED
APAR IZ44250 3 INVALID VALUES CAN BE SPECIFIED FOR THE "CATEGORY" FIELD
APAR IZ44252 3 POLICY_DELETE HANDLE WRITTEN IN AUDIT RECORD
APAR IZ44253 3 AUDIT RECORD CLASSIFICATION_ASSOCIATE_POLICY MISSING
APAR IZ44687 3 WELCOME PAGE SHOWS NUMBER OF USER REGISTRY QUERY ATTRIBUTES
APAR IZ44688 3 ROLE LISTING WITH POLICY AT OPERATION LEVEL REPEATS POLICY
APAR IZ44689 3 WRONG POLICY STATUS AFTER DELETING A CLASSIFICATION
APAR IZ44702 3 RULE PARAMETER DATA TYPE SHOULD MATCH THE DATA TYPE ON THE
APAR IZ44703 3 POLICY DETACH DOES NOT WORK COMBINED WITH CLASSIFICATIONS
APAR IZ44704 3 CONFIG POLICY AUTHORIZATION DENIED FOR VIEW SERVICE WHEN USER
APAR IZ44706 3 HTTPS TOKEN CANNOT BE BUILT WITHOUT CLIENT AUTH OPTION
APAR IZ44707 3 MP POLICY CAN'T BE DISTRIBUTED TO WSRR IF SERVICE DOESN'T EXIST
APAR IZ44709 3 USER CAN SELECT A PREVIOUS DISTRIBUTION BUT WAS NOT REQUIRED TO
APAR IZ44711 3 INVALID CHARACTERS ARE ACCEPTED IN THE PDT HOST NAME FIELD
APAR IZ44712 3 USER CREATING NEW SERVICE SELECTS AN APPLICATION, THEN CHANGES
APAR IZ44713 3 TEXT AND TABLE EXTEND BEYOND PANEL ON FIREFOX 2.0.0.17
APAR IZ44714 3 UNRECOVERABLE ERROR WHEN SERVICE IS ATTACHED TO POLICY
APAR IZ44715 3 ADDING A SERVICE ASSOCIATION WHEN THERE ARE DUPLICATE SERVICE
APAR IZ44717 3 BLANK PANE PRESENTED AFTER INVALID FILENAME ENTERED FOR POLICY
APAR IZ44718 3 IF THE SERVICE NAME FOR EXPORTED POLICY CONTAINS NLV CHARACTERS
APAR IZ44721 3 ADMIN DELEGATION LIMITATION FOR CONFIGURING POLICY VIA A GROUP
APAR IZ47630 3 CLASSIFICATION REPORT DOES NOT CORRECTLY FILTER POLICY VERSIONS
APAR IZ47632 3 POLICY DISTRIBUTION REPORT DOES NOT HANDLE EMPTY CASE OF NO
APAR IZ47641 3 USER DELEGATED ROLE HAS MORE SCOPE THAN GROUP DELEGATING ROLE
APAR IZ47667 3 GROUP-TO-GROUP DELEGATION SCOPE ENFORCEMENT NEEDS RESTART
APAR IZ47690 3 ERRORS IN AppRoleEnt AND CLASS REPORTS


Copyright and trademark information

http://www.ibm.com/legal/copytrade.shtml

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information that has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.


THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION

The license agreement for this product refers you to this file for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. The relevant terms and conditions, notices and other information are provided or referenced below. Please note that any non-English version of the licenses below is unofficial and is provided to you for your convenience only. The English version of the licenses below, provided as part of the English version of this file, is the official version.

Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions:

Document change history

DateDescription of change
31 March 2009Initial Version. Fix Pack 2