home clear 64x64
en blue 200x116 de orange 200x116 info letter User
suche 36x36
Latest versionsfixlist
11.1.0.7 FixList
10.5.0.9 FixList
10.1.0.6 FixList
9.8.0.5 FixList
9.7.0.11 FixList
9.5.0.10 FixList
9.1.0.12 FixList
Have problems? - contact us.
Register for free anmeldung-x26
Contact form kontakt-x26

DB2 - Problem description

Problem IC63568 Status: Closed

CREATE SECURITY LABEL COMMAND ALLOWS IMPROPER SYNTAX

product:
DB2 FOR LUW / DB2FORLUW / 950 - DB2
Problem description:
The CREATE SECURITY LABEL command allows improper syntax which 
allows the command to complete, but not to make the expected 
changes to the database.  Each component should be specified at 
most once in the statement.  Values belonging to the same 
component should just be separated by comma without 
re-specifying the component-name.  For example, the following 
command would not register 'owner' as a component of this 
security 
label because the second 'COMPONENT mycomponent' is improper 
syntax. 
 
db2 "CREATE SECURITY LABEL mysecpolicy.myseclabel  COMPONENT 
mycomponent 'managers', COMPONENT mycomponent 'owner'" 
 
The consequences of this issue are that DDL can differ from what 
the DBA would expect. Missing DDL can be verified with the 
db2look utility.
Problem Summary:
**************************************************************** 
* USERS AFFECTED:                                              * 
* Users of the CREATE SECURITY LABEL command                   * 
**************************************************************** 
* PROBLEM DESCRIPTION:                                         * 
* The CREATE SECURITY LABEL command allows impropersyntaxwhich * 
* allows the command to complete, but not to maketheexpected   * 
* changes to the database.  Each component shouldbespecified   * 
* at most once in the statement.  Valuesbelongingto the same   * 
* component should just be separated bycommawithout            * 
* re-specifying the component-name.For example,the following   * 
* command would not register'owner' as acomponent of this      * 
* security label because thesecond'COMPONENT mycomponent' is   * 
* improper syntax:db2 "CREATESECURITY LABEL                    * 
* mysecpolicy.myseclabel2 COMPONENTmycomponent'managers',      * 
* COMPONENT mycomponent 'owner'"The consequencesof this defect * 
* are that DDL can differ fromwhat the DBAwould expect.        * 
* Missing DDL can be verified withthe db2lookutility.          * 
**************************************************************** 
* RECOMMENDATION:                                              * 
* Upgrade to DB2 v9.5 FP6 or newer                             * 
****************************************************************
Local Fix:
Use the proper syntax, which would only use the COMPONENT 
keyword only once for each component: 
    db2 "CREATE SECURITY LABEL mysecpolicy.myseclabel COMPONENT 
mycomponent 'managers', 'owner'"
available fix packs:
DB2 Version 9.5 Fix Pack 6a for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 7 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 8 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 9 for Linux, UNIX, and Windows
 DB2 Version 9.5 Fix Pack 10 for Linux, UNIX, and Windows
Solution
Upgrade to DB2 v9.5 FP6 or newer
Workaround
not known / see Local fix
BUG-Tracking
forerunner  : APAR is sysrouted TO one or more of the following: IC63571 IC63574 IC67911 
follow-up :
Timestamps
Date  - problem reported    :
Date  - problem closed      :
Date  - last modified       :

05.10.2009
23.09.2010
23.09.2010
Problem solved at the following versions (IBM BugInfos)
9.5.FP6
Problem solved according to the fixlist(s) of the following version(s)