IBM Support

IZ12929: ALLOW DB2 EXTENDED SECURITY TO BE ENABLED ON DOMAINS / COMPUTERS WITH NAMES THAT START WITH IBM, SQL OR SYS.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • DB2 Extended Security was updated in v9.1 FP2 to support domain
    global security groups. Prior to this, only local security
    groups were allowed.
    A restrictive check was added to the db2extsec.exe utility
    which prevented it from successfully enabling DB2 Extended
    Security if the fully qualified "DB2USERS" or "DB2ADMNS" group
    name start with IBM, SQL or SYS (e.g. MYDOMAIN\DB2USERS is a
    valid name but IBMXXX\DB2USERS will cause the utility to exit
    SQL1046N).
    This was deemed to be too restrictive and the computer / domain
    name check has been removed.
    Note: The group name itself must still conform to the DB2
    naming conventions.
    DB2 Extended Security cannot be enabled on machines with
    computer names starting with IBM, SQL or SYS and local groups
    have been specified for the "DB2USERS" and "DB2ADMNS" groups.
    DB2 Extended Security cannot be enabled if the domain name
    starts with IBM, SQL or SYS and domain global groups have been
    specified for the "DB2USERS" or "DB2ADMNS" groups.
    The installation of DB2 products will complete but with errors
    if DB2 Extended Security has been enabled and one of the above
    conditions is true.
    db2extsec.exe fails with the following error:
    SQL1046N The authorization ID is not valid.
    Installation of a DB2 product completes successfully but the
    install log will indicate the following error:
    1: ERROR:SQL1046N The authorization ID is not valid.
    1: Configuring DB2_EXTENDED_SECURITY:.......Failure
    

Local fix

  • During DB2 installation, uncheck and disable the DB2 Extended
    Security feature.
    If using local groups for DB2 Extended Security, rename the
    computer name to something that does not start with IBM, SQL or
    SYS.
    If using domain groups for DB2 Extended Security, rename the
    domain name (not very practical) or specify local groups
    instead (again, this may not be practical).
    

Problem summary

  • See Problem Description.
    

Problem conclusion

  • First fixed in DB2 Version 9.1, FixPak 5
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ12929

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-01-13

  • Closed date

    2008-07-14

  • Last modified date

    2008-07-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IZ18052

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R910 PSY

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
14 July 2008