search cancel

-DIS BLOCKER(DPDBA01) gives ACF04056 message, but output of the command is returned

book

Article ID: 243997

calendar_today

Updated On:

Products

ACF2 - DB2 Option

Issue/Introduction

Issue DB2 command, -ssid DIS BLOCKERS(database)  gives ACF04056 message, but output of the command is returned.

 

ID userid has the following privilege:

$KEY(DISPLAY) TYPE(SYS) SYSID(ssid)

UID(**********DCA) ALLOW         

 

Message ACF04056 ACCESS TO RESOURCE ssid SYSDBADM TYPE DSYS BY userid NOT        

                                     AUTHORIZED

Was returned even though we got the output eventually.

 

 

Environment

Release : 1.3

Component : ACF2 Option for Db2

Resolution

  • ACF2/DB2 is responding to authorization requests issued by IBM/DB2.
  • Each request is being validated separately.
  1. The DISPLAY request  is issued by DB2 and validated successfully by ACF2/DB2.
  2. ACF2/DB2 passes validation outcome back to DB2. 
  3. Then DB2 issues a request to validate for SYSDBADM authority. This is validated by ACF2/DB2 and the user FAILS access so ACF2/DB2 issues a violation message (ACF04056) and passes the outcome of the request back to DB2
  4. Then DB2 issues a request for DISPLAYDB authorization.
  5. ACF2/DB2 validates this request and allows the user access.
  6. ACF2/DB2 passes the outcome back to DB2.
  7. DB2 provides the output of the command (DISPLAY BLOCKERS) to the user.

There is no way for ACF2/DB2 to know that the SYSDBADM request is related to the previous display request.