CA SymDump for CICS and CA InterTest for CICS can get AD2U abends when trying to capture or display the LASTSQL statement.
Article ID: 50411
Updated On:
Products
Issue/Introduction
Description:
With CA SymDump for CICS, when attempting to capture the LASTSQL statement, an AD2U can occur if proper authorization is not granted to the CICS DB2 plan (IN85PLAN).
As described in the CICS Transaction Server Resource Definition Guide, A DB2ENTRY defines the attributes of entry threads used by the CICS DB2 attachment facility. The AUTHTYPE within the DB2ENTRY definition defaults to USERID, which indicates the USERID associated with the CICS transaction is used as the authorization ID. This requires that each USERID be granted DB2 EXECUTE authority to the IN85PLAN.
However, the AUTHTYPE within the DB2ENTRY definition can be set to TX, which specifies the transaction identification as the authorization ID. Using this AUTHTYPE only requires the internal CA SymDump for CICS transaction to capture the LASTSQL (SYMD) be granted EXECUTE authority.
Note: This internal transaction ID default is SYMD; however, it can be changed via IN25OPTS. The transaction ID to be granted DB2 EXECUTE authority to the IN85PLAN must match this internal transaction.
With CA InterTest for CICS, when attempting to display the LASTSQL statement via the CORE command (CORE=LASTSQL) while at a breakpoint, an AD2U can occur if proper authorization is not granted to the CICS DB2 plan (IN85PLAN).
If the AUTHTYPE within the DB2ENTRY definition is set to TX, which specifies the transaction identification as the authorization ID, then the internal CA InterTest for CICS transaction used for handling breakpoints (VTAT) must be granted EXECUTE authority.
Note: This internal transaction ID default is VTAT; however, it can be changed via IN25OPTS. The transaction ID to be granted DB2 EXECUTE authority to the IN85PLAN must match this internal transaction.
Solution:
This sample JCL can be used to define a DB2ENTRY with AUTHTYPE set to TX:
//JOBCARD JOB
//STEPIN01 EXEC PGM=DFHCSDUP,PARM='CSD(READWRITE)',REGION=1M
//STEPLIB DD DSN=your.CICS.SDFHLOAD,DISP=SHR
//SYSPRINT DD SYSOUT=*
//DFHCSD DD DSN=your.CICS.DFHCSD,DISP=SHR
//SYSIN DD *
DEFINE DB2ENTRY(IN85PLAN) GROUP(yourgrp) PLAN(IN85PLAN)
AUTHTYPE(TX)
DESCRIPTION(INTERTEST 8.5 DB2 ENTRY)
/*
This sample JCL can be used to grant SYMD and/or VTAT execute authority to plan IN85PLAN:
//JOBCARD JOB
//RESEWTBS EXEC PGM=IKJEFT01,DYNAMNBR=20
//STEPLIB DD DISP=SHR,DSN=your.DB2.SDSNLOAD
//SYSTSPRT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *
GRANT EXECUTE ON PLAN IN85PLAN TO SYMD;
GRANT EXECUTE ON PLAN IN85PLAN TO VTAT;
//SYSTSIN DD *
DSN SYSTEM(D81A) <<< THIS IS YOUR DB2 SYSTEM ID
RUN PROGRAM(DSNTEP2) -
PLAN(DSNTEP81) - <<< THIS IS YOUR DB2 PLAN FOR DSNTEP2
LIB('D81A.RUNLIB.LOAD') <<< THIS IS YOUR DB2 RUNLIB
END
/*
This sample JCL can be used to display who/what has EXECUTE Authority to the IN85PLAN.
The SYSPRINT report will show EXECUTEAUTH for each GRANTEE.
G or Y in the EXECUTEAUTH column indicates the GRANTEE has access.
//JOBCARD JOB
//RESEWTBS EXEC PGM=IKJEFT01,DYNAMNBR=20
//STEPLIB DD DISP=SHR,DSN=your.DB2.SDSNLOAD
//SYSTSPRT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSIN DD *
SELECT * FROM SYSIBM.SYSPLANAUTH WHERE NAME = 'IN85PLAN'
//SYSTSIN DD *
DSN SYSTEM(D81A) <<< THIS IS YOUR DB2 SYSTEM ID
RUN PROGRAM(DSNTEP2) -
PLAN(DSNTEP81) - <<< THIS IS YOUR DB2 PLAN FOR DSNTEP2
LIB('D81A.RUNLIB.LOAD') <<< THIS IS YOUR DB2 RUNLIB
END
/*
Environment
Component:
Feedback
