IZ12929: ALLOW DB2 EXTENDED SECURITY TO BE ENABLED ON DOMAINS / COMPUTERS WITH NAMES THAT START WITH IBM, SQL OR SYS.

Fixes are available

APAR status

Closed as program error.

Error description

DB2 Extended Security was updated in v9.1 FP2 to support domain
global security groups. Prior to this, only local security
groups were allowed.
A restrictive check was added to the db2extsec.exe utility
which prevented it from successfully enabling DB2 Extended
Security if the fully qualified "DB2USERS" or "DB2ADMNS" group
name start with IBM, SQL or SYS (e.g. MYDOMAIN\DB2USERS is a
valid name but IBMXXX\DB2USERS will cause the utility to exit
SQL1046N).
This was deemed to be too restrictive and the computer / domain
name check has been removed.
Note: The group name itself must still conform to the DB2
naming conventions.
DB2 Extended Security cannot be enabled on machines with
computer names starting with IBM, SQL or SYS and local groups
have been specified for the "DB2USERS" and "DB2ADMNS" groups.
DB2 Extended Security cannot be enabled if the domain name
starts with IBM, SQL or SYS and domain global groups have been
specified for the "DB2USERS" or "DB2ADMNS" groups.
The installation of DB2 products will complete but with errors
if DB2 Extended Security has been enabled and one of the above
conditions is true.
db2extsec.exe fails with the following error:
SQL1046N The authorization ID is not valid.
Installation of a DB2 product completes successfully but the
install log will indicate the following error:
1: ERROR:SQL1046N The authorization ID is not valid.
1: Configuring DB2_EXTENDED_SECURITY:.......Failure

Local fix

During DB2 installation, uncheck and disable the DB2 Extended
Security feature.
If using local groups for DB2 Extended Security, rename the
computer name to something that does not start with IBM, SQL or
SYS.
If using domain groups for DB2 Extended Security, rename the
domain name (not very practical) or specify local groups
instead (again, this may not be practical).

Problem summary

```
See Problem Description.
```

Problem conclusion

First fixed in DB2 Version 9.1, FixPak 5

Temporary fix

Comments

APAR Information

APAR number
IZ12929
Reported component name
DB2 UDB ESE AIX
Reported component ID
5765F4100
Reported release
910
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-01-13
Closed date
2008-07-14
Last modified date
2008-07-14

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

IZ18052

Fix information

Fixed component name
DB2 UDB ESE AIX
Fixed component ID
5765F4100

Applicable component levels

R910 PSY
UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
14 July 2008

Tips

IZ12929: ALLOW DB2 EXTENDED SECURITY TO BE ENABLED ON DOMAINS / COMPUTERS WITH NAMES THAT START WITH IBM, SQL OR SYS.

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R910 PSY

Document Information

Share your feedback

Need support?