A fix is available
APAR status
Closed as program error.
Error description
Customer has two authorizations on a user that need to be revoked that show on panel ADB2AUD. When they do the primary (or general) command REVOKE from command line to do both revokes at one time, the revoke statements built are incorrect and return SQL error -104. The revoke statements built were as below: REVOKE FROM "TEST"; REVOKE DATAACCESS FROM "TEST"; Using the revoke line command on these two authorizations builds the correct revoke statements as shown below: REVOKE SQLADM FROM "TEST" NOT INCLUDING DEPENDENT PRIVILEGES; REVOKE DATAACCESS FROM "TEST" NOT INCLUDING DEPENDENT PRIVILEGES;
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of Db2 Administration Tool for z/OS * **************************************************************** * PROBLEM DESCRIPTION: When the user issues the REVOKE * * primary command on panel ADB2AUD, * * the generated REVOKE commands are * * not valid and return SQL error * * codes. * **************************************************************** The user needs to revoke two user authorizations that are displayed on panel ADB2AUD. When they issue the REVOKE primary command from the command line to perform both revokes at the same time, the generated REVOKE statements are incorrect and return SQL error codes. The following REVOKE statements were generated: REVOKE FROM "TEST"; REVOKE DATAACCESS FROM "TEST"; The first REVOKE statement is missing the privilege being revoked, and the second REVOKE statement needs the parameter NOT INCLUDING DEPENDENT PRIVILEGES, as that is a requirement for revoking the DATAACCESS privilege. Also, when trying to revoke the CREATE_SECURE_OBJECT privilege and the DBADM privilege with the REVOKE primary command, the privilege names in the REVOKE statement are incorrect. Other instances have also occurred where the required NOT INCLUDING DEPENDENT PRIVILEGES clause or INCLUDING DEPENDENT PRIVILEGES clause is not generated when using the REVOKE primary command.
Problem conclusion
The problems have been resolved.
Temporary fix
Comments
APAR Information
APAR number
PH56371
Reported component name
DB2 ADMIN TOOL
Reported component ID
568851500
Reported release
D10
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-08-15
Closed date
2023-11-22
Last modified date
2023-12-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI94589 UI94590
Modules/Macros
ADB2AUD ADB2UA ADBHAUD
Fix information
Fixed component name
DB2 ADMIN TOOL
Fixed component ID
568851500
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSZJXP","label":"DB2 Tools for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"D10","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Document Information
Modified date:
04 December 2023