A fix is available
APAR status
Closed as new function.
Error description
New function
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All Distributed Data Facility (DDF) users. * * Specifically users of Db2 System Profile * * Monitoring keyword MONITOR product-type * * CONNECTIONS FOR SECURITY. * **************************************************************** * PROBLEM DESCRIPTION: * * This APAR adds additional filtering * * options to the LOCATION column of the * * DSN_PROFILE_TABLE when the KEYWORDS * * column of the DSN_PROFILE_ATTRIBUTES * * is MONITOR product-type CONNECTIONS * * FOR SECURITY. * **************************************************************** * RECOMMENDATION: * **************************************************************** Currently, MONITOR product-type CONNECTIONS FOR SECURITY keyword can only be specified for profiles with a filtering criteria where the LOCATION column of the DSN_PROFILE_TABLE contain the values '*', '::0', or '0.0.0.0'. This means that security profiles are governed by the default location filter and the rules defined apply for all remote connections into Db2. Users need to apply security profile rules more precisely. Greater granularity would allow stricter security for new cloud-based clients or a portion of the network. This would also enable the application of stronger security policies across the network in a phased and gradual manner.
Problem conclusion
Temporary fix
Comments
This APAR expands the filtering criteria in the LOCATION column of the DSN_PROFILE_TABLE for security profiles to include the following: - IPv4 or IPv6 subnet address - IPv4 or IPv6 IP address of a remote client - Domain name of a remote client For more information about using profiles to monitor remote connections for security purposes, see the Db2 for z/OS documentation: https://www.ibm.com/docs/en/SSEPEK_13.0.0/seca/src/tpc/ db2z_controlsecureconnectivityprofiles.html
APAR Information
APAR number
PH57811
Reported component name
DB2 OS/390 & Z/
Reported component ID
5740XYR00
Reported release
D10
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-10-25
Closed date
2023-12-28
Last modified date
2024-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI95075
Modules/Macros
DSNXECWA DSNTCSRQ DSNLTSEC DSNT1PRG DSNXEXPL DSNXECWU DSNXERDS DSNT1STR DSNLIRTR DSNXEUFP DSNT1STP DSNLZOGV DSNXEIST DSNT1SPV DSNLJTIN DSNXESSR DSNXEBR DSNT1DSP DSNXQADD DSNLAGNT DSNT1PSM DSNLJHPP DSNLSSST DSNTSTRT DSNXOSIN DSNT1SDV DSNXERT DSNLCTRC DSNT1CAL DSNT1RSP DSNXECLF DSNLEDDA DSNT1SMG DSNLQINA DSNXERD DSNLJEMG DSNT1MNA DSNWVZCK DSNLTEXC DSNLTACT DSNXEDSC DSNGEPSH DSNT1SRQ DSNTBTRG DSNLILNR DSNTBCM2 DSNTBRB2 DSNDQW04 DSNXELX DSNLQDIS DSNTBSPL DSNXOPAH DSNWARDS DSNXOTL DSNXERD2 DSNT1MST DSNXOMPS DSNXCHEX DSNXEPM DSNXECW DSNLTACC
Fix information
Fixed component name
DB2 OS/390 & Z/
Fixed component ID
5740XYR00
Applicable component levels
RD10 PSY UI95075
UP24/01/05 P F401
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEPEK","label":"DB2 for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"D10","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
01 February 2024