ACF0456 DTBL not authorized message after DB2 V12 upgrade but unload works fine
search cancel

ACF0456 DTBL not authorized message after DB2 V12 upgrade but unload works fine

book

Article ID: 115375

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu

Issue/Introduction

We upgraded DB2 to V12 on an z/OS 2.2 LPAR running ACF2 DB2 V1.3 (high ptf RO98993). Our DB2 is at function level 100. The setting in our DB2 zparm is AUTH_COMPATIBILITY=( SELECT_FOR_UNLOAD). We are aware of the new UNLOAD security. Our DBAs thought with the above settings it would continue to use SELECT authority. However, after implementation jobs were getting, for example, ACF4056 ACCESS To RESOURCE PRODXXXXXXX DTBL BY BTCHID NOT AUTHORIZED. Interesting thing is the UNLOAD ran fine, it was noticed because the messages were coming out. To be clear, we weren't planning on using the new UNLOAD option and wanted to continue to use SELECT for now. We aren't surprised the UNLOADs are still working, just not sure why the ACF4056 message is coming out. Our security group looked at ACF2 report and saw it was because did not have UNLOAD access (but they do have Select). Our DBAs are opening ticket with IBM. They are wondering if should leave AUTH_COMPATIBILITY blank until go to function level 500 or above. Also, we do not run the optional link edit of CADB2XAC to put in DB2 SDSNEXIT library.
 

Environment

z/OS CCS390 14.1 S1401

Cause

Review of the dump shows that the problem occurs because DB2 includes the MOD as part of the internal release definition, I.E. 1215(mod 5). The ENF/DB2 code did not take that into account. 

Resolution

ST05186.has been attached the fix to this case for download via SUPPORT.CA.COM . To implement: Deploy updated CAW0LOAD, refresh LLA if necessary and issue command: ENF REFRESH(CASR230)
Powered by Wolken Software