IBM Support

PH48764: DB2 FOR Z/OS NEW FUNCTION

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • db2ddf
Db2 for z/OS new function.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All Distributed Data Facility (DDF) users.                   *
* Specifically users of system profiles for                    *
* the monitoring of connections for remote                     *
* TCP/IP access into Db2 for z/OS servers.                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* This APAR adds the new MONITOR                               *
* product_type CONNECTIONS FOR SECURITY                        *
* keyword functions to Db2 System                              *
* Profile Monitoring.                                          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A security administrator lacks granular controls to support the
migration and enforcement of their Db2 clients to approved
authentication methods and encrypted connections.
Currently, migrating applications to compliant authentication
methods and to deploy encrypted connections can take a
considerable amount of effort and time depending on access
type. Some clients such as REST clients can easily enable
secure connections while Db2 Connect clients require additional
installation steps which prolong its enablement. Having a
mechanism which can identify and enforce security compliance
selectively based on access type is desirable and allows a user
to enable secure connections in a phased manner.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • This APAR provides a simple approach to discover which
applications are not using compliant authentication
mechanisms or have not enabled encrypted connections so that
corrective actions can be taken. This APAR also adds the
ability to enforce compliance.
The following new actions are added to the KEYWORDS column of
the DSN_PROFILE_ATTRIBUTES table:
- MONITOR REST CONNECTIONS FOR SECURITY
- MONITOR JDBC CONNECTIONS FOR SECURITY
- MONITOR CLI CONNECTIONS FOR SECURITY
- MONITOR DB2CONNECT CONNECTIONS FOR SECURITY
- MONITOR DSN CONNECTIONS FOR SECURITY
- MONITOR * CONNECTIONS FOR SECURITY
The new keyword values can only be specified for profiles
using the default location filtering criteria. These new
keyword values enable the definition of profiles, based on
application requester product type, to discover and enforce
the usage of authorization mechanisms and encrypted
connections.
This APAR adds the following new DSNT775I and DSNT776I
messages:
- DSNT775I csect-name SERVER DISTRIBUTED AGENT WITH LUWID=luwid
  THREAD-INFO=thread-information PRDID=product-identifier FOR
  LOCATION=location RECEIVED event-type WARNING DUE TO PROFILE
  ID=profile-id OCCURRED number TIME(S)
- DSNT776I csect-name SERVER DISTRIBUTED AGENT WITH LUWID=luwid
  THREAD-INFO=thread-information PRDID=product-identifier FOR
  LOCATION=location RECEIVED event-type EXCEPTION DUE TO
  PROFILE ID=profile-id OCCURRED number TIME(S)
For more information about using profiles to monitor remote
connections for security purposes, see the Db2 for z/OS
documentation:
https://www.ibm.com/support/knowledgecenter/en/SSEPEK_13.0.0/
admin/src/tpc/db2z_createprofiles.html
×**** PE23/03/13 FIX IN ERROR. SEE APAR PH53182  FOR DESCRIPTION

    



APAR Information




    

  • APAR number
    PH48764
    • 

  • Reported component name
    DB2 OS/390 & Z/
    • 

  • Reported component ID
    5740XYR00
    • 

  • Reported release
    D10
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-08-17
    • 

  • Closed date
    2023-02-28
    • 

  • Last modified date
    2023-04-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI90788
    

    • 



Modules/Macros


    

  • DSNLJEMG DSNT1MNA DSNDQW05 DSNWVZCK DSNXECWA DSNLTEXC DSNLTACT
DSNLTSEC DSNXECWU DSNLILNR DSNLIRTR DSNFCDIR DSNLZOGV DSNDQW04
DSNLJTIN DSNXESSR DSNLAGNT DSNXELX  DSNLQDIS DSNLJHPP DSNLSSST
DSNTSTRT DSNT1SDV DSNWARDS DSNFTDIR DSNLCTRC DSNT1MST DSNT1RSP
DSNLEDDA DSNXEPM  DSNLQINA DSNXECW  DSNLTACC

    



Fix information


    

  • Fixed component name
    DB2 OS/390 & Z/
    • 

  • Fixed component ID
    5740XYR00
    • 



Applicable component levels


    

  • RD10  PSY  UI90788
       UP23/03/09  P  F303
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEPEK","label":"DB2 for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"D10","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 April 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback