A fix is available
APAR status
Closed as new function.
Error description
DB2DDF defect pm34817 dpm38417 Finish ZPARM related changes for PM37300.
Local fix
Problem summary
USERS AFFECTED: All Distributed Data Facility (DDF) users. Specifically where DB2 for z/OS is accessed as a server, via DRDA protocols, from remote DB2 for z/OS client applications.
PROBLEM DESCRIPTION: With the elimination of DB2 Private Protocol in DB2 10 for z/OS, the current DB2 server plan owner based authorization behavior relative to remote DB2 for z/OS client systems is no longer applicable. APARs PM17665 and PM37300 made changes to allow users to move to this new authorization environment; however, additional changes are required.
RECOMMENDATION:
When a DB2 for z/OS server is accessed via DRDA protocols, the authorization behavior relative to remote DB2 for z/OS client applications is different from the authorization behavior relative to remote non DB2 for z/OS client applications. The authorization behavior for a DB2 for z/OS DRDA client application was treated differently because it was associated with a DB2 for z/OS Plan, and thus DB2 for z/OS server processing wanted to apply the same authorization behavior that users were accustomed to with DB2 Private Protocol. That is, remote DB2 for z/OS DRDA client application privileges, like those for Private Protocol, are also inherited from the associated DB2 for z/OS Plan Owner ID, and this privilege inheritance has historically been honored by DB2 for z/OS servers relative to remote DB2 for z/OS client applications only.
Now that DB2 Private Protocol is being eliminated, this DB2 for z/OS server privilege inheritance behavior (relative to remote DB2 for z/OS DRDA client applications) is no longer applicable and is being eliminated for the benefit of consistent authorization behavior with respect to non DB2 for z/OS client applications. Changes were made via APARs PM17665 and PM37300 to help users move to the new authorization environment; however, additional changes are required.
o Users may need additional time to evaluate their dependency on the old authorization behavior and make the necessary authorization adjustments to adapt to the new environment. As a result, DB2 provides a DSNZPARM configuration value, via the DSN6FAC macro PRIVATE_PROTOCOL parameter, to enable or disable this new authorization environment. Additional changes are necessary to complete the implementation of this configuration value.
o When operating under the new package execution authorization environment, via DSN6FAC PRIVATE_PROTOCOL=NO, and in an effort to provide consistent behavior and appearance relative to remote DB2 for z/OS and non DB2 for z/OS applications, APAR PM37300 made changes to always utilize a plan name of DISTSERV, even relative to remote DB2 for z/OS (plan name based) applications. This plan name related change must be reversed because there is value in continuing to recognize the actual plan name associated with remote DB2 for z/OS applications.
Problem conclusion
Temporary fix
Comments
DB2 for z/OS server processing, relative to remote (via DRDA) DB2 for z/OS client applications only, is changed to provide additional enhancements for the benefit of moving to an environment that provides consistent authorization behavior with respect to remote non DB2 for z/OS client applications.
o DB2 has been changed to complete the changes associated with the implementation, or extension, of the DSN6FAC PRIVATE_PROTOCOL parameter.
o When DB2 is configured to enable the new package execution authorization environment, DB2 has been changed to restore its knowledge of the remote DB2 for z/OS application plan name.
APAR Information
APAR number
PM38417
Reported component name
DB2 OS/390 & Z/
Reported component ID
5740XYR00
Reported release
A10
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-05-04
Closed date
2011-11-23
Last modified date
2012-01-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK74175 UK74176 UK74177
Modules/Macros
DSN@XAZP DSNDQWPZ DSNLTACC DSNLTCCN DSNLTRDL DSNTIDXA DSNTIDXB DSNTIJUZ DSNTINST DSNTXAZP DSNWZIFA DSNWZIF8 DSNWZIF9 DSNXEAAL DSNXEDST DSN6FAC
Fix information
Fixed component name
DB2 OS/390 & Z/
Fixed component ID
5740XYR00
Applicable component levels
RA10 PSY UK74175
UP11/12/13 P F112
R810 PSY UK74176
UP11/12/13 P F112
R910 PSY UK74177
UP11/12/13 P F112
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
01 January 2012