IBM Support

IC90835: SQL FUNCTION DEFINER NOT GIVEN WITH GRANT OPTION (CAN LEAD TO ERRORS LIKE SQL0551N ON LATER GRANT)


APAR status

  • Closed as program error.

Error description

  • The definer of a SQL function should be given the WITH GRANT OPTION
    on the function if the definer has WITH GRANT OPTION on all
    privileges required to define the function, or if the definer has
    SYSADM or DBADM authority.  However, if all of the following
    conditions are true, the definer is incorrectly given only EXECUTE
    privilege without the WITH GRANT OPTION:
    
      - The SQL function is inlined
      - The function definer does not have SYSADM or DBADM authority
      - SQL function body references one or more procedures
      - The function definer has the WITH GRANT OPTION on all
        referenced procedures
    
    This can lead to errors like SQL0551N when trying to GRANT
    privileges on such a function.
    
    With the conditions above all true you would see that the created
    function privileges in SYSCAT.ROUTINEAUTH would show a 'Y' for the
    'EXECUTEAUTH' column instead of a 'G'.
    
    

Local fix

  • Explicitly grant EXECUTE privilege WITH GRANT OPTION to the
    function definer
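
The catalog check from the error description and the local fix, as an added example that is not part of the original APAR text: the query lists SQL functions whose owner holds EXECUTE as 'Y' although the owner holds 'G' on every referenced procedure. It assumes the DB2 9.7 catalog views SYSCAT.ROUTINES, SYSCAT.ROUTINEDEP and SYSCAT.DBAUTH, and that routine dependencies are recorded by specific name; it only sees privileges granted directly to the user, it cannot see SYSADM (group based) or whether the function was inlined, and the names in the GRANT are placeholders.

```sql
-- Candidate functions affected by IC90835 (added example, review results manually).
SELECT r.ROUTINESCHEMA, r.ROUTINENAME, r.SPECIFICNAME, r.OWNER
FROM SYSCAT.ROUTINES r
JOIN SYSCAT.ROUTINEAUTH a
  ON  a.SCHEMA       = r.ROUTINESCHEMA
  AND a.SPECIFICNAME = r.SPECIFICNAME
  AND a.GRANTEE      = r.OWNER
  AND a.GRANTEETYPE  = 'U'
WHERE r.ROUTINETYPE = 'F'          -- functions only
  AND r.LANGUAGE    = 'SQL'        -- SQL-bodied
  AND a.EXECUTEAUTH = 'Y'          -- held, but without the grant option ('G')
  -- the function body references at least one procedure
  AND EXISTS (
        SELECT 1
        FROM SYSCAT.ROUTINEDEP d
        JOIN SYSCAT.ROUTINES p
          ON p.ROUTINESCHEMA = d.BSCHEMA AND p.SPECIFICNAME = d.BNAME
        WHERE d.ROUTINESCHEMA = r.ROUTINESCHEMA
          AND d.SPECIFICNAME  = r.SPECIFICNAME
          AND d.BTYPE = 'F' AND p.ROUTINETYPE = 'P')
  -- the owner holds EXECUTE WITH GRANT OPTION on every referenced procedure
  AND NOT EXISTS (
        SELECT 1
        FROM SYSCAT.ROUTINEDEP d
        JOIN SYSCAT.ROUTINES p
          ON p.ROUTINESCHEMA = d.BSCHEMA AND p.SPECIFICNAME = d.BNAME
        WHERE d.ROUTINESCHEMA = r.ROUTINESCHEMA
          AND d.SPECIFICNAME  = r.SPECIFICNAME
          AND d.BTYPE = 'F' AND p.ROUTINETYPE = 'P'
          AND NOT EXISTS (
                SELECT 1 FROM SYSCAT.ROUTINEAUTH pa
                WHERE pa.SCHEMA       = p.ROUTINESCHEMA
                  AND pa.SPECIFICNAME = p.SPECIFICNAME
                  AND pa.GRANTEE      = r.OWNER
                  AND pa.EXECUTEAUTH  = 'G'))
  -- the owner has no directly granted DBADM authority
  AND NOT EXISTS (
        SELECT 1 FROM SYSCAT.DBAUTH db
        WHERE db.GRANTEE = r.OWNER AND db.DBADMAUTH = 'Y');

-- Local fix for one row returned above. APPSCHEMA, FN_SPECIFIC_NAME and
-- DEFINER_ID are placeholders for ROUTINESCHEMA, SPECIFICNAME and OWNER.
-- Run under an authorization ID that is allowed to grant EXECUTE on the function.
GRANT EXECUTE ON SPECIFIC FUNCTION APPSCHEMA.FN_SPECIFIC_NAME
  TO USER DEFINER_ID WITH GRANT OPTION;
```

After the grant, the owner's row in SYSCAT.ROUTINEAUTH for that function should show 'G' in EXECUTEAUTH.
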
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All                                                          *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Problem Description above.                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Upgrade to DB2 Version 9.7 Fix Pack 9.                       *
    ****************************************************************
    

Problem conclusion

  • Fixed in DB2 Version 9.7 Fix Pack 9.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC90835

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    970

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-03-13

  • Closed date

    2013-12-16

  • Last modified date

    2013-12-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IC91229 IC95715

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • R970 PSN

       UP



Document information

More support for: DB2 for Linux, UNIX and Windows

Software version: 9.7

Reference #: IC90835

Modified date: 16 December 2013