IBM Support

IT37891: WHEN TRUSTED CONTEXT IS DROPPED, SETSESSIONUSER PRIVILEGES ARE ALSO DELETED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When you drop trusted context, it will remove all rows in
    syscat.surrogateauthids where trustedid is the "context name"
    created. It doesn't check the trustedidtype.
    It means that if you give grant to a user with the same context
    name (setsessionuser privilege has nothing to do with a trusted
    context), when you drop the TC, all rows are removed, and only
    should be the rows with trustedidtype='C'.
    
    ie.-e:
    
    db2  "CREATE TRUSTED CONTEXT TEST1 BASED UPON CONNECTION USING
    SYSTEM AUTHID TEST1 ENABLE ATTRIBUTES (ADDRESS 'X.XX.XXXX.XXXX')
    WITH USE FOR PUBLIC WITHOUT AUTHENTICATION"
    db2 grant setsessionuser on user XXXX to user TEST1
    db2 "select TRUSTEDIDTYPE, SURROGATEAUTHID from
    syscat.surrogateauthids where trustedid='TEST1'"
    TRUSTEDIDTYPE SURROGATEAUTHID
    
    -------------
    ----------------------------------------------------------------
    ----------------------------------------------------------------
    C             PUBLIC
    
    U             XXXX
    
    
    
    db2 drop trusted context TEST1
    
    db2 "select TRUSTEDIDTYPE, SURROGATEAUTHID from
    syscat.surrogateauthids where trustedid='TEST1'"
    TRUSTEDIDTYPE SURROGATEAUTHID
    
    -------------
    ----------------------------------------------------------------
    ----------------------------------------------------------------
    
      0 record(s) selected.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * all                                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Error Description                                        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to 11.1.4.7                                          *
    ****************************************************************
    

Problem conclusion

  • Upgrade to 11.1.4.7
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT37891

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    B10

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-08-05

  • Closed date

    2022-04-17

  • Last modified date

    2022-04-17

  • APAR is sysrouted FROM one or more of the following:

    IT37184

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • RB10 PSN

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
03 May 2022