A fix is available
APAR status
Closed as program error.
Error description
DB2 ADMINISTRATION FOR Z/OS GEN SHOWS INFORMATION FOR DB2 AUTHORIZATION TABLES EVEN FOR USERS WITH NO READ ACCESS.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of the DB2 Administration Tool * * for z/OS who want the ID of the user * * to be used to verify access to DB2 * * authorization tables when the DB2 * * Administration Tool programs * * (e.g. ADB2GEN) are run by a user. * * This is only for DB2 v8 new function * * mode or later. * **************************************************************** * PROBLEM DESCRIPTION: Users who do not have the * * SELECT privilege on DB2 * * authorization tables and are * * allowed to run the DB2 * * Administration Tool program * * ADB2GEN, can see information * * from DB2 authorization tables by * * generating GRANT statements. * * This is because DB2 uses the * * owner of the packages for * * ADB2GEN when verifying * * access, and most likely the package * * owner has the SELECT privilege. In * * addition, the DB2 Administration * * Tool installation grants the execute * * privilege on the DB2 Administration * * Tool plans to Public. * * * * By default, all users will be able to * * run DB2 Administration Tool programs, * * and therefore be able to generate * * GRANT statements whether or not * * the ID has the privilege to perform a * * select from the DB2 authorization table * * * * There is no way to configure the DB2 * * Administration Tool such that * * when the DB2 Administration Tool * * programs run, the ID of the * * user is used to verify access to * * DB2 authorization tables. This * * APAR adds this ability. * **************************************************************** * RECOMMENDATION: Apply The PTF. * **************************************************************** The DB2 Administration Tool for z/OS uses the package owner when verifying access to DB2 authorization tables, but there is no way to configure the DB2 Administration Tool for z/OS to use the ID of the user running DB2 Administration Tool programs to verify access to the DB2 authorization tables.
Problem conclusion
This APAR adds the ability to have DB2 use the ID of the user who runs the DB2 Administration Tool programs when verifying access to DB2 authorization tables.
Temporary fix
Comments
APAR Information
APAR number
PM23327
Reported component name
DB2 ADMIN TOOL
Reported component ID
568851500
Reported release
720
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-09-28
Closed date
2010-11-17
Last modified date
2011-02-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK62280
Modules/Macros
ADBBIND ADBBIND2 ADBRIP9 ADBSEL ADB2REM ADB2REY ADB2RGC ADB2RIP H0IH720J
Fix information
Fixed component name
DB2 ADMIN TOOL
Fixed component ID
568851500
Applicable component levels
R720 PSY UK62280
UP10/12/10 P F012
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCVQTD","label":"IBM Db2 Administration Tool for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"720","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
06 February 2011