IBM Support

IT13606: DB2 ON AIX WITH DB2AUTH OR DB2_ALTERNATE_GROUP_LOOKUP SET MAY GET WRONG USER GROUP MEMBERSHIP RESULTING IN WRONG PRIVILEGES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • To get group information for a userid on AIX, DB2 uses the API
    getgrset which is not thread-safe.  The getgrset API may return
    more or less groups for a given userid.  As a result,
    applications may receive intermittent privilege error messages
    such as sql1060n or sql0551n due to the getgrset API returning
    less groups than the user has.  In some cases, users may
    incorrectly gain privileges to objects that are granted to group
    if the getgrset API returns more groups for the user than
    intended.
    This APAR will make a change to use getgrset_r going forward
    which is thread-safe.
    
    This problem is only applicable to DB2 server instances that
    have either DB2AUTH=OSAUTHDB or
    DB2_ALTERNATE_GROUP_LOOKUP=GETGRSET  set in the DB2 registry
    

Local fix

  • No workaround. Please, install this Fix.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * ALL                                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 10.1 Fix Pack 6                               *
    ****************************************************************
    

Problem conclusion

  • First fixed in DB2 10.1 Fix Pack 6
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT13606

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    A10

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-03

  • Closed date

    2017-03-02

  • Last modified date

    2017-03-02

  • APAR is sysrouted FROM one or more of the following:

    IT13209

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.1"}]

Document Information

Modified date:
26 September 2021