A fix is available
APAR status
Closed as program error.
Error description
After application of DB2 APAR PM17665 (PTF UK65970 for DB2 V8 or UK65969 for DB2 V10), receive SQLCODE -551 when accessing FM/DB2 on a remote DB2 server.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: ll users of File Manager DB2 component. * **************************************************************** * PROBLEM DESCRIPTION: SQLCODE-551 accessing a remote DB2 * * server using FM/DB2 after application * * of DB2 APAR PM17665, DB2 private * * protocol in use. * **************************************************************** * RECOMMENDATION: Apply the provided PTF. * **************************************************************** The use of DB2 private protocol was discouraged at DB2 version 9 (a warning is issued if a BIND specifies DBPROTOCOL(PRIVATE)). At DB2 version 10 the use of DB2 private protocol is removed entirely. It is possible, however, that plans bound on earlier versions of DB2 that are not re-bound after migration of the DB2 system to version 10 may still show the use of private protocol in various DB2 catalog tables. DB2 APAR PM17665 introduces a change in behaviour with respect to authorization validation of remote DB2 users. Prior to application of APAR PM17665 a user with EXECUTE access on the remote FM/DB2 plans was able use FM/DB2 remotely. After the application of APAR PM17665, a user may also require execute access on all of the packages contained in the remote FM/DB2 plan, to use FM/DB2 remotely. See APAR PM17665 and subsequent apars for a full explanation.
Problem conclusion
File Manager DB2 component has been updated to correct the problem. As supplied - the sample FM/DB2 bind jobs do not specify DBPROTOCOL(PRIVATE), rather no value for DBPROTOCOL is specified, resulting in the default of DRDA for remote DB2 connections. Users may need to re-run the FMN2BIND job if FM/DB2 is used to access remote DB2 z/OS servers, AND if the FM/DB2 sample bind job(s) were previously modified to use DB2 private protocol instead of the recommended default (DRDA). See "DB2 10 for z/OS Managing Security" SC19-3496-01, Chapter 2 "Managing access through authorization IDs and Roles", Section "Managing implicit privileges", sub-section "Managing implicit privileges through plan or package ownership", topic "Authorizing plan or package access for remote applications", sub-topic "Authorization checking for executing packages remotely" for a full explanation of the DB2-related authorization changes.
Temporary fix
Comments
APAR Information
APAR number
PM70769
Reported component name
FILE MANAGER Z/
Reported component ID
5655W4700
Reported release
B12
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2012-08-13
Closed date
2012-10-22
Last modified date
2012-11-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
FMN2LVL
Fix information
Fixed component name
FILE MANAGER Z/
Fixed component ID
5655W4700
Applicable component levels
RB12 PSY UK82843
UP12/10/25 P F210
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B12","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSXJAV","label":"File Manager for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B12","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
01 November 2012