IBM Support

IC67084: TABLE PERMISSIONS VIOLATION AFTER TRIGGER EXECUTION IN CROSS-DATABASE QUERY

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It is possible to bypass permissions on a table in
cross-database query.
Since trigger execution, with granted owner permissions, it is
possible for non-privileged user to update table or insert new
data as well in the current session.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Users having cross database query and triggers               *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* When DBA revokes permission on a table, trigger action can   *
* allow dml operation on that table in the same session. In    *
* this case , user can perform dml operation on that table     *
* instead of receiving permission error from the server.       *
****************************************************************
* RECOMMENDATION:                                              *
* Upgrade to 11.50.xC7.                                        *
****************************************************************

    



Problem conclusion


    

  • Upgrade to 11.50.xC7.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC67084
    • 

  • Reported component name
    IBM IDS ENTRP E
    • 

  • Reported component ID
    5724L2304
    • 

  • Reported release
    B15
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2010-03-10
    • 

  • Closed date
    2010-11-17
    • 

  • Last modified date
    2010-11-17
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM IDS ENTRP E
    • 

  • Fixed component ID
    5724L2304
    • 



Applicable component levels


    

  • RB15  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSGU8G","label":"Informix Servers"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B15","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 November 2010
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback