PH63973: DISABLE GRANT STATEMENTS FOR GENERATED DB2 INSTALLATION JOBS

Obtain the fix for this APAR.

APAR status

• Closed as new function.

Error description

• DISABLE GRANT STATEMENTS FOR GENERATED Db2 INSTALLATION JOBS
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All Db2 13 for z/OS users of the following:  *
  *                  - Db2 Installation CLIST                    *
  *                  - Db2 Installation Job DSNTIJRT and         *
  *                    Program DSNTRIN                           *
  ****************************************************************
  * PROBLEM DESCRIPTION: The Db2 CLIST and Db2 installation job  *
  *                      DSNTIJRT/DSNTRIN have no provision for  *
  *                      specifying whether GRANT statements     *
  *                      are executed when installing            *
  *                      Db2-supplied routines and generating    *
  *                      Db2 installation jobs.                  *
  ****************************************************************
  The Db2 CLIST generates Db2 installation jobs to install Db2.
  
  Program DSNTRIN is called by job DSNTIJRT to install and
  configure Db2-supplied routines (stored procedures and UDFs),
  including the Db2 objects, such as databases, used by the
  routines. It also detects and corrects missing and down-level
  SQL objects and packages for Db2-supplied routines.
  
  Currently, the Db2 CLIST generates all GRANT statements
  when generating Db2 installation jobs. Program DSNTRIN
  also generates and executes all GRANT statements when
  installing or configuring Db2-supplied routines. However,
  customers using external security may not prefer that the GRANT
  statements be generated or executed to comply with audit
  requirements.
  

Problem conclusion

Temporary fix

Comments

• This APAR enhances the Db2 CLIST to allow users to specify
  whether GRANTS are generated. DSNTIJRT/DSNTRIN is also
  modified to allow users to specify whether GRANT statements
  are executed and outputted to DD:SQLOUT and DD:SYSPRINT for
  reference.
  
  The settings for the GRANTOPT option is specified using the
  following new DSNTIJRT/DSNTRIN optional configuration
  (DB2OPT) keyword parameter:
   - GRANTOPT
     Specifies whether to generate and execute GRANT
     statements. Valid values are:
     o ENABLE
       DSNTRIN generates GRANT statements and in non-PREVIEW
       mode, executes them. ENABLE is used if this parameter is
       not specified.
     o DISABLE
       DSNTRIN does not generate or execute GRANT statements.
     o COMMENT
       DSNTRIN generates and outputs GRANT statement to the
       SQLOUT DD statement but does not execute them.
  
  In Db2 data sharing, it is recommended that all members
  of the group use the same setting.
  
  The example below shows how to specify GRANTOPT in job
  DSNTIJRT, with their default settings.
  
    //DSNTRIN EXEC PGM=DSNTRIN,COND=(4,LT),
    //             PARM=('Db2SSN(!DSN!) MODE(INSTALL)',
    //             ' AUTHID(!AUTHID!) SECDEFID(!SECDEFID!)',
    //             ' DEFPKOWN(!DEFPKOWN!)')
    . . .
    //DB2OPT   DD  *
      STOGROUP(SYSDEFLT)
      INDEXSTOG(SYSDEFLT)
      BP4K(BP0)
      BP8K(BP8K0)
      BP16K(BP16K0)
      BP32K(BP32K)
      LOBBP8K(BP8K0)
      LOBBP16K(BP16K0)
      LOBBP32K(BP32K)
      IMS_SECURITY(Db2)
      MQ_SECURITY(Db2)
      SOAP_SECURITY(Db2)
      RTN_PKG_APPLCOMPAT(DEFAULT)
      RTN_PKG_PLANMGMT(DEFAULT)
      MQ_ADMIN_ID(DEFAULT)
      GRANTOPT(ENABLE)
  
  This APAR also modifies the following Db2 installation
  CLIST panel:
   - Adds the following field to panel DSNTIPG (Installation
     Preferences)
      o GRANT OPTION:     ===>      GRANT processing option
                                     (ENABLE, DISABLE, COMMENT)
  
  The Db2 CLIST is also modified such that the GRANT OPTION
  field specifies the GRANTOPT parameter and how Db2
  installation jobs are generated:
    o ENABLE
      This is the existing behavior, and all GRANT statements
      will be generated.
    o DISABLE
      All GRANT statements will be removed from generated Db2
      installation jobs.
    o COMMENT
      All GRANT statements will be commented out in the
      generated Db2 installation jobs based on the type of
      input.
  
  The online product documentation for Db2 13 for z/OS is
  updated for the new function in this APAR. To find the
  changes and related information, search on "PH63973" or the
  following keywords:
  - GRANT OPTION field
  - Job DSNTIJRT
  

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UO02732

Modules/Macros

• DSN@RIN  DSN@XAZP DSNTIDXA DSNTIDXB DSNTIDXC DSNTIJRT DSNTINM1
  DSNTINM3 DSNTINMF DSNTINS1 DSNTINS2 DSNTINS3 DSNTINST DSNTIPG
  DSNTRIN  DSNTXAZP
  

Fix information

• Fixed component name

  DB2 OS/390 & Z/

• Fixed component ID

  5740XYR00

Applicable component levels

• RD10 PSY UO02732

     UP25/04/12 P F504  

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.