A fix is available
APAR status
Closed as program error.
Error description
If a table is created via a secondary authid, but a GEN or DDL or the table is executed by a another SQLID that does not have authority to invoke the secondary authid, the GEN or DDL will generate the DDL, but may also produce a SQLCODE = -553 error: Set Current Sqlid = '>authorization-id<' DSNT408I SQLCODE = -553, ERROR: >authorization-id< SPECIFIED IS NOT ONE OF THE VALID AUTHORIZATION IDS FOR REQUESTED OPERATION. A security violation may also be recorded by the External Security Manager (ESM).
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: Users of the Db2 Administration Tool for * * z/OS or Db2 Object Comparison Tool for z/OS * * who use the reverse engineering (GEN) * * function. * **************************************************************** * PROBLEM DESCRIPTION: When called by GEN, * * the parser generates * * a PREPARE statement * * with the wrong SQLID, * * which results in SQL error * * -553. * **************************************************************** When a user issues the GEN or DDL command, the parser module is eventually called during the process. The parser generates a PREPARE statement with the wrong SQLID, which results in the following authorization errors, even though the DDL is generated: Violation in ACF2 (for example): ACF04056 ACCESS TO RESOURCE DB2PSYSADM TYPE DSYS BY >id< NOT AUTHORIZED Violation in DB2: Set Current Sqlid = '>sqlid<' DSNT408I SQLCODE = -553, ERROR: >sqlid< SPECIFIED IS NOT ONE OF THE VALID AUTHORIZATION IDS FOR REQUESTED OPERATION
Problem conclusion
The problem has been resolved.
Temporary fix
Comments
APAR Information
APAR number
PH27464
Reported component name
DB2 ADMIN TOOL
Reported component ID
568851500
Reported release
C10
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-07-15
Closed date
2020-10-25
Last modified date
2020-11-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI72224
Modules/Macros
ADB2PA
Fix information
Fixed component name
DB2 ADMIN TOOL
Fixed component ID
568851500
Applicable component levels
RC10 PSY UI72224
UP20/10/29 P F010
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCVQTD","label":"IBM Db2 Administration Tool for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"12.1.0"}]
Document Information
Modified date:
12 February 2021