IBM Support

IT32042: EXTRA PRIVILEGES ON NULLID.ATSO05 PACKAGE ARE ADDED TO PUBLIC AFTER RESTORING OLDER RESTRICTIVE DATABASE IMAGE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The extra BINDAUTH and EXECUTEAUTH privileges on NULLID.ATSO05
    package are added to PUBLIC on Db2 v11.5 after restoring older
    RESTRICTIVE database image as below.
    
    The original database is a RESTRICTIVE database and the extra
    BINDAUTH and EXECUTEAUTH privileges should not be added even
    after restoring RESTRICTIVE database.
    
    * The privileges on the original RESTRICTIVE database
    
    $ db2 "select DISTINCT substr(GRANTOR,1,15) as
    GRANTOR,substr(GRANTEE,1,15) as
    GRANTEE,GRANTEETYPE,substr(PKGSCHEMA,1,15) as
    PKGSCHEMA,CONTROLAUTH,BINDAUTH,EXECUTEAUTH from
    syscat.PACKAGEAUTH"
    
    GRANTOR         GRANTEE         GRANTEETYPE PKGSCHEMA
    CONTROLAUTH BINDAUTH EXECUTEAUTH
    --------------- --------------- ----------- ---------------
    ----------- -------- -----------
    SYSIBM          DB2INST1        U           NULLID          Y
    G        G
    SYSIBM          DB2INST1        U           SYSIBMADM       Y
    G        G
    SYSIBM          DB2INST1        U           SYSIBMINTERNAL  Y
    G        G
    SYSIBM          DB2INST1        U           SYSPROC         Y
    G        G
    
      4 record(s) selected.
    
    * The extra privileges on the restored RESTRICTIVE database
    
    $ db2 "select DISTINCT substr(GRANTOR,1,15) as
    GRANTOR,substr(GRANTEE,1,15) as
    GRANTEE,GRANTEETYPE,substr(PKGSCHEMA,1,15) as
    PKGSCHEMA,CONTROLAUTH,BINDAUTH,EXECUTEAUTH from
    syscat.PACKAGEAUTH"
    
    GRANTOR         GRANTEE         GRANTEETYPE PKGSCHEMA
    CONTROLAUTH BINDAUTH EXECUTEAUTH
    --------------- --------------- ----------- ---------------
    ----------- -------- -----------
    SYSIBM          DB2INST1        U           NULLID          Y
    G        G
    SYSIBM          DB2INST1        U           SYSIBMADM       Y
    G        G
    SYSIBM          DB2INST1        U           SYSIBMINTERNAL  Y
    G        G
    SYSIBM          DB2INST1        U           SYSPROC         Y
    G        G
    DB2INST1        PUBLIC          G           NULLID          N
    Y        Y
    
      5 record(s) selected.
    
    $ db2 "select char(GRANTOR,10) GRANTOR, char(GRANTEE,10)
    GRANTEE, GRANTEETYPE, char(PKGSCHEMA,10) PKGSCHEMA,
    char(PKGNAME,16) PKGNAME, CONTROLAUTH, BINDAUTH, EXECUTEAUTH
    from syscat.PACKAGEAUTH where PKGSCHEMA = 'NULLID' and  GRANTEE
    = 'PUBLIC'"
    
    GRANTOR    GRANTEE    GRANTEETYPE PKGSCHEMA  PKGNAME
    CONTROLAUTH BINDAUTH EXECUTEAUTH
    ---------- ---------- ----------- ---------- ----------------
    ----------- -------- -----------
    DB2INST1   PUBLIC     G           NULLID     ATSO05           N
    Y        Y
    

Local fix

  • Revoke privileges from PUBLIC user
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * RESTRICTIVE DATABASE User                                    *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 Version 11.5 FixPack 1 or later               *
    ****************************************************************
    

Problem conclusion

  • Fixed in DB2 Version 11.1 Modification 4 FixPack 6
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT32042

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    B10

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-03-02

  • Closed date

    2021-03-31

  • Last modified date

    2021-03-31

  • APAR is sysrouted FROM one or more of the following:

    IT31969

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1"}]

Document Information

Modified date:
01 April 2021