DSN9016I when trying to issue DB2 operator command at console


Article ID: 19065


Products

CA ACF2, CA ACF2 - DB2 Option, CA ACF2 for zVM, CA ACF2 - z/OS, CA ACF2 - MISC, CA PanApt, CA PanAudit

Issue/Introduction

Description:

When we try to enter an operator command to DB2 from a console, we get a DSN9016I "not authorized" message. For example, STO DB2 results in:

DSN9016I -DAF0 '-STO' COMMAND REJECTED, UNAUTHORIZED REQUEST

Solution:

Create a user id for *BYPASS* in DB2 and give it the SYSOPR privilege.

*BYPASS* is a standard z/OS default that is assigned when no other id is available to satisfy a signon request (a VERIFY call). In this case, DB2 makes the VERIFY call in response to a DB2 console command, because it needs an id to check for SYSOPR authority. Since no id is available, z/OS substitutes *BYPASS*. This is not an ACF2 decision. In fact, ACF2 ignores signons for *BYPASS* and does not even require a logonid record (lidrec) for it.

An alternative to this use of *BYPASS* would be to set SIGNON(REQUIRED) in the CONSOLXX member of SYS1.PARMLIB and require that your consoles be signed on. In that way, there would always be a valid userid assigned to the console and that is the id that would be checked for SYSOPR authority.

Environment

Release: ACF2DB00200-1.3-ACF2-Option for DB2
Component: