IT27409: CUSTOMER RECEIVES -607 WHEN INVOKING ATS STORED PROCEDURE

APAR status

Closed as program error.

Error description

Due to the fix for security APAR IT25813 wsdbu01349804
[SECURITY: ADMINISTRATIVE TASK SCHEDULER IS VULNERABLE TO A
PRIVILEGE ESCALATION],  customer receives -607 errors when
trying execute ATS stored procedure tasks due to ATS package
using an authorization ID other than SYSIBM. The affected ATS
procedures are
SYSPROC.ADMIN_TASK_ADD/ADMIN_TASK_REMOVE/ADMIN_TASK_UPDATE.

The current authorization ID for the ATS package can be verified
by issuing the following SQL statement and looking at the
BOUNDBY value: "SELECT PKGSCHEMA, PKGNAME, BOUNDBY FROM
SYSCAT.PACKAGES WHERE PKGNAME LIKE 'ATS%'"


The value of the BOUNDBY value can be changed away from SYSIBM
through explicit binding of the db2ats_sps.bnd or db2ubind.lst
files. If the bind of the db2ats_sps.bnd file is successful, the
BOUNDBY will be changed to the current session authorization ID.
If the bind fails with a -607 error, then the BOUNDBY value will
not be changed and ATS processing will not be affected.

This APAR will implement logic to have Db2 automatically
validate and, if necessary, restore the authorization ID for ATS
when an ATS stored procedure is invoked.

Note that attempts by customer to bind the db2ats_sps.bnd file
when the ATS control tables exist in the database  will still
continue to fail with a -607 error even after applying this
APAR. This is the new, expected behaviour.

The customer may receive the following error during a bind:
SQL0082C An error has occurred which has terminated processing.

Local fix

```
None known.
```

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
* ALL                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See Error Description                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Upgrade to Db2 11.1 Mod 4 Fixpack 4 iFix 001 or higher       *
****************************************************************

Problem conclusion

First fixed in Db2 11.1 Mod 4 Fixpack 4 iFix 001

Temporary fix

Comments

APAR Information

APAR number
IT27409
Reported component name
DB2 FOR LUW
Reported component ID
DB2FORLUW
Reported release
B10
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-18
Closed date
2019-03-07
Last modified date
2019-08-01

APAR is sysrouted FROM one or more of the following:

IT27385
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
DB2 FOR LUW
Fixed component ID
DB2FORLUW

Applicable component levels

RB10 PSN
UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
01 August 2019

Page Feedback

IBM Support

Tips

Tips

IT27409: CUSTOMER RECEIVES -607 WHEN INVOKING ATS STORED PROCEDURE

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

RB10 PSN

Document Information

Contact and feedback

Need support?