BIND ERROR question

Bill Janulin

BIND ERROR question
To list;
I got a user who reported the following:
READY                                                                                                                                 DSN SYSTEM(D20K )                                                                                                                    DSN                                                                                                                                    BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1 ) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)                                       DSNT212I  -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD                                                                                IS INVALID                                                                                                                DSNT233I  -D20K UNSUCCESSFUL BIND FOR                                                                                                            PACKAGE = D20K.DB2PK001.DB2PK001.()                                        

Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.*  to DBAGRP?
Thks, Bill J.




Lizette Koehler

BIND ERROR question
(in response to Bill Janulin)
Did you see these threads?



http://www.idug.org/p/fo/et/thread=7340



http://www.idug.org/p/fo/et/thread=22820 http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460 &post=87460#p87460







Lizette





From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:32 AM
To: Lizette Koehler <[login to unmask email]>
Subject: [DB2-L] - BIND ERROR question



To list;



I got a user who reported the following:



READY

DSN SYSTEM(D20K )

DSN

BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1

) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)

DSNT212I -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD

IS INVALID

DSNT233I -D20K UNSUCCESSFUL BIND FOR

PACKAGE = D20K.DB2PK001.DB2PK001.()







Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.* to DBAGRP?





Thks,

Bill J.



















-----End Original Message-----

Bill Janulin

BIND ERROR question
(in response to Lizette Koehler)
Yes, I saw them but I am not totally understanding which they are talking about. Like I said earlier, RACF is not involved with this. Does DBAGRP need SYSADM authority? I granted BINDAGENT to DBAGRP.
Bill J.


On Friday, July 21, 2017 1:46 PM, Lizette Koehler <[login to unmask email]> wrote:


#yiv8992056056 #yiv8992056056 -- _filtered #yiv8992056056 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv8992056056 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv8992056056 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv8992056056 #yiv8992056056 p.yiv8992056056MsoNormal, #yiv8992056056 li.yiv8992056056MsoNormal, #yiv8992056056 div.yiv8992056056MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv8992056056 a:link, #yiv8992056056 span.yiv8992056056MsoHyperlink {color:blue;text-decoration:underline;}#yiv8992056056 a:visited, #yiv8992056056 span.yiv8992056056MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv8992056056 p.yiv8992056056msonormal0, #yiv8992056056 li.yiv8992056056msonormal0, #yiv8992056056 div.yiv8992056056msonormal0 {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8992056056 span.yiv8992056056EmailStyle20 {color:#1F497D;}#yiv8992056056 .yiv8992056056MsoChpDefault {font-size:10.0pt;} _filtered #yiv8992056056 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv8992056056 div.yiv8992056056WordSection1 {}#yiv8992056056 Did you see these threads?  http://www.idug.org/p/fo/et/thread=7340  http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460      Lizette    From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:32 AM
To: Lizette Koehler <[login to unmask email]>
Subject: [DB2-L] - BIND ERROR question  To list;  I got a user who reported the following:  READY                                                                                                                                DSN SYSTEM(D20K )                                                                                                                    DSN                                                                                                                                   BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)                                       DSNT212I  -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD                                                                               IS INVALID                                                                                                                DSNT233I  -D20K UNSUCCESSFUL BIND FOR                                                                                                           PACKAGE = D20K.DB2PK001.DB2PK001.()                                          

Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.*  to DBAGRP?

Thks, Bill J.







   -----End Original Message-----
Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email] a data refresh task in less time than it takes to make a cup of coffee + save up to 90% in CPU
ESAi's BCV5 & XDM fast data refresh & Test Data Mgmt products will make you a hero to users. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2

Lizette Koehler

BIND ERROR question
(in response to Bill Janulin)
What SAF are you using. Some have different mechanisms.


Or are you using Native DB2 Security



You need to know how your IDs are setup in your SAF with relationship to DB2.



Is the BIND done under USER1 or USER2? Is this a batch job with USER XYZ running it and then BIND is trying to use DBAGRP



Are you doing the bind under your TSO ID and using DBAGRP in the bind statements?







Lizette





From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:53 AM
To: [login to unmask email]
Subject: [DB2-L] - RE: BIND ERROR question



Yes, I saw them but I am not totally understanding which they are talking about. Like I said earlier, RACF is not involved with this. Does DBAGRP need SYSADM authority? I granted BINDAGENT to DBAGRP.



Bill J.



On Friday, July 21, 2017 1:46 PM, Lizette Koehler < <mailto:[login to unmask email]> [login to unmask email]> wrote:



Did you see these threads?



http://www.idug.org/p/fo/et/thread=7340 http://www.idug.org/p/fo/et/thread=7340



http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460 http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460







Lizette





From: william janulin [ <mailto:[login to unmask email]> mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:32 AM
To: Lizette Koehler < <mailto:[login to unmask email]> [login to unmask email]>
Subject: [DB2-L] - BIND ERROR question



To list;



I got a user who reported the following:



READY

DSN SYSTEM(D20K )

DSN

BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1

) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)

DSNT212I -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD

IS INVALID

DSNT233I -D20K UNSUCCESSFUL BIND FOR

PACKAGE = D20K.DB2PK001.DB2PK001.()





Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.* to DBAGRP?



Thks,

Bill J.











-----End Original Message-----



-----End Original Message-----





-----End Original Message-----

Bill Janulin

BIND ERROR question
(in response to Lizette Koehler)
This is native DB2 security. According to the documents I reviewed (the links you provided) a solution would be to GRANT SYSADM privilege to the "owner" in that bind. It is a batch job that was running. TSO ID's are not involved with this. The "owner" is DBAGRP.

Bill J.


On Friday, July 21, 2017 4:05 PM, Lizette Koehler <[login to unmask email]> wrote:


#yiv8639177737 #yiv8639177737 -- _filtered #yiv8639177737 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv8639177737 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv8639177737 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv8639177737 {panose-1:3 15 7 2 3 3 2 2 2 4;}#yiv8639177737 #yiv8639177737 p.yiv8639177737MsoNormal, #yiv8639177737 li.yiv8639177737MsoNormal, #yiv8639177737 div.yiv8639177737MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv8639177737 a:link, #yiv8639177737 span.yiv8639177737MsoHyperlink {color:blue;text-decoration:underline;}#yiv8639177737 a:visited, #yiv8639177737 span.yiv8639177737MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv8639177737 p.yiv8639177737MsoListParagraph, #yiv8639177737 li.yiv8639177737MsoListParagraph, #yiv8639177737 div.yiv8639177737MsoListParagraph {margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msonormal0, #yiv8639177737 li.yiv8639177737msonormal0, #yiv8639177737 div.yiv8639177737msonormal0 {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msonormal0, #yiv8639177737 li.yiv8639177737msonormal0, #yiv8639177737 div.yiv8639177737msonormal0 {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msonormal, #yiv8639177737 li.yiv8639177737msonormal, #yiv8639177737 div.yiv8639177737msonormal {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msochpdefault, #yiv8639177737 li.yiv8639177737msochpdefault, #yiv8639177737 div.yiv8639177737msochpdefault {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msonormal1, #yiv8639177737 li.yiv8639177737msonormal1, #yiv8639177737 div.yiv8639177737msonormal1 {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msonormal01, #yiv8639177737 li.yiv8639177737msonormal01, #yiv8639177737 div.yiv8639177737msonormal01 {margin-right:0in;margin-left:0in;font-size:11.0pt;}#yiv8639177737 p.yiv8639177737msochpdefault1, #yiv8639177737 li.yiv8639177737msochpdefault1, #yiv8639177737 div.yiv8639177737msochpdefault1 {margin-right:0in;margin-left:0in;font-size:10.0pt;}#yiv8639177737 span.yiv8639177737msohyperlink {}#yiv8639177737 span.yiv8639177737msohyperlinkfollowed {}#yiv8639177737 span.yiv8639177737emailstyle20 {}#yiv8639177737 span.yiv8639177737msohyperlink1 {color:blue;text-decoration:underline;}#yiv8639177737 span.yiv8639177737msohyperlinkfollowed1 {color:purple;text-decoration:underline;}#yiv8639177737 span.yiv8639177737emailstyle201 {color:#1F497D;}#yiv8639177737 span.yiv8639177737EmailStyle31 {color:#1F497D;}#yiv8639177737 span.yiv8639177737EmailStyle32 {color:windowtext;}#yiv8639177737 .yiv8639177737MsoChpDefault {font-size:10.0pt;} _filtered #yiv8639177737 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv8639177737 div.yiv8639177737WordSection1 {}#yiv8639177737 _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {} _filtered #yiv8639177737 {}#yiv8639177737 ol {margin-bottom:0in;}#yiv8639177737 ul {margin-bottom:0in;}#yiv8639177737 What SAF are you using.  Some have different mechanisms.
Or are you using Native DB2 Security  You need to know how your IDs are setup in your SAF with relationship to DB2.  Is the BIND done under USER1 or USER2?  Is this a batch job with USER XYZ running it and then BIND is trying to use DBAGRP  Are you doing the bind under your TSO ID and using DBAGRP in the bind statements?

   Lizette    From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:53 AM
To: [login to unmask email]
Subject: [DB2-L] - RE: BIND ERROR question  Yes, I saw them but I am not totally understanding which they are talking about. Like I said earlier, RACF is not involved with this. Does DBAGRP need SYSADM authority? I granted BINDAGENT to DBAGRP.  Bill J.  On Friday, July 21, 2017 1:46 PM, Lizette Koehler <[login to unmask email]> wrote:  Did you see these threads? http://www.idug.org/p/fo/et/thread=7340 http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460   Lizette  From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:32 AM
To: Lizette Koehler <[login to unmask email]>
Subject: [DB2-L] - BIND ERROR question To list; I got a user who reported the following: READY                                                                                                                                DSN SYSTEM(D20K )                                                                                                                    DSN                                                                                                                                   BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)                                       DSNT212I  -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD                                                                               IS INVALID                                                                                                                DSNT233I  -D20K UNSUCCESSFUL BIND FOR                                                                                                           PACKAGE = D20K.DB2PK001.DB2PK001.()                                            Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.*  to DBAGRP?  Thks, Bill J.        -----End Original Message-----  -----End Original Message-----
Site Links: View post online   View mailing list online   Start new thread via email   Unsubscribe from this mailing list   Manage your subscription  

This email has been sent to: [login to unmask email] a data refresh task in less time than it takes to make a cup of coffee + save up to 90% in CPU
ESAi's BCV5 & XDM fast data refresh & Test Data Mgmt products will make you a hero to users. See
http://www.ESAIGroup.com/idug

Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2

Lizette Koehler

BIND ERROR question
(in response to Bill Janulin)
From the thread on IDUG for DB2-L



http://www.idug.org/p/fo/et/thread=18534



In order to use the OWNER(USER1), the person who submits the job must have
either
1. SYSADM
2. a valid RACF group of USER1 attached to the userid
3. or a primary id of USER1
Item number 2 always requires request to the RACF security group and they
always want to know what the group name is for. I usually wait until they
setup a group id for the project and then use that for the secondary auth.



I am not sure what you would do if you use native DB2 Security.



Lizette



From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 1:12 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: BIND ERROR question



This is native DB2 security. According to the documents I reviewed (the links you provided) a solution would be to GRANT SYSADM privilege to the "owner" in that bind. It is a batch job that was running. TSO ID's are not involved with this. The "owner" is DBAGRP.



Bill J.



On Friday, July 21, 2017 4:05 PM, Lizette Koehler <[login to unmask email] <mailto:[login to unmask email]> > wrote:



What SAF are you using. Some have different mechanisms.


Or are you using Native DB2 Security



You need to know how your IDs are setup in your SAF with relationship to DB2.



Is the BIND done under USER1 or USER2? Is this a batch job with USER XYZ running it and then BIND is trying to use DBAGRP



Are you doing the bind under your TSO ID and using DBAGRP in the bind statements?





Lizette





From: william janulin [mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:53 AM
To: [login to unmask email] <mailto:[login to unmask email]>
Subject: [DB2-L] - RE: BIND ERROR question



Yes, I saw them but I am not totally understanding which they are talking about. Like I said earlier, RACF is not involved with this. Does DBAGRP need SYSADM authority? I granted BINDAGENT to DBAGRP.



Bill J.



On Friday, July 21, 2017 1:46 PM, Lizette Koehler < <mailto:[login to unmask email]> [login to unmask email]> wrote:



Did you see these threads?



http://www.idug.org/p/fo/et/thread=7340 http://www.idug.org/p/fo/et/thread=7340



http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460 http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460







Lizette





From: william janulin [ <mailto:[login to unmask email]> mailto:[login to unmask email]
Sent: Friday, July 21, 2017 10:32 AM
To: Lizette Koehler < <mailto:[login to unmask email]> [login to unmask email]>
Subject: [DB2-L] - BIND ERROR question



To list;



I got a user who reported the following:



READY

DSN SYSTEM(D20K )

DSN

BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP) RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE) CURRENTDATA(NO) DEGREE(1

) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS) VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)

DSNT212I -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER KEYWORD

IS INVALID

DSNT233I -D20K UNSUCCESSFUL BIND FOR

PACKAGE = D20K.DB2PK001.DB2PK001.()





Note - RACF is not involved on this one. Do I need to do a GRANT BIND on PACKAGE DB2PK001.* to DBAGRP?



Thks,

Bill J.

_____

Ray Lopez

RE: BIND ERROR question
(in response to Lizette Koehler)

to me, this means:  BIND AUTHORIZATION ID DBAGRP  IS INVALID  or if it is VALID as you state, then the USERID doing the BIND does not have the AUTH to SET CURRENT SQLID = DBAGRP.     For example, if a cobol developer tries to SET CURRENT SQLID = DBAGRP, he should not be able to use that.   Most likely the USERID doing the bind is not part of the DBAGRP in ACF2/RACF. 

na

Carol Anne Sutfin

BIND ERROR question
(in response to Bill Janulin)
Check that DBAGRP has BIND access to the Collection if the package exists or BINDADD if it is a new package.

Carol Sutfin


Sent from my Samsung Galaxy , an AT&T LTE smartphone
-------- Original message --------From: Ray Lopez <[login to unmask email]> Date: 7/23/17 10:55 AM (GMT-06:00) To: [login to unmask email] Subject: [DB2-L] - RE: BIND ERROR question
to me, this means:  BIND AUTHORIZATION ID DBAGRP  IS INVALID  or if it is VALID as you state, then the USERID doing the BIND does not have the AUTH to SET CURRENT SQLID = DBAGRP.     For example, if a cobol developer tries to SET CURRENT SQLID = DBAGRP, he should not be able to use that.   Most likely the USERID doing the bind is not part of the DBAGRP in ACF2/RACF. 

na
Site Links:
View post online  
View mailing list online  
Start new thread via email  
Unsubscribe from this mailing list  
Manage your subscription  


This email has been sent to: [login to unmask email]

Setup a data refresh task in less time than it takes to make a cup of coffee + save up to 90% in CPU

ESAi's BCV5 & XDM fast data refresh & Test Data Mgmt products will make you a hero to users. See

http://www.ESAIGroup.com/idug



Use of this email content is governed by the terms of service at:
http://www.idug.org/p/cm/ld/fid=2

James Campbell

BIND ERROR question
(in response to Bill Janulin)
SET CURRENT SQLID = 'DBAGRP';
GRANT BINDAGENT TO <id>;

<id> can be either an individual's id or a secondary auth-id.

If *you* granted bindagent to DBAGRP, that means that DBAGRP, or anyone with it as a
secondary auth-id, can use your user as OWNER.



James Campbell

On 21 Jul 2017 at 17:52, william janulin wrote:

>
> Yes, I saw them but I am not totally understanding which they are talking about.
> Like I said earlier, RACF is not involved with this. Does DBAGRP need SYSADM
> authority? I granted BINDAGENT to DBAGRP.
>
> Bill J.
>
>
> On Friday, July 21, 2017 1:46 PM, Lizette Koehler <[login to unmask email]>wrote:
>
>
> Did you see these threads?
>  
> http://www.idug.org/p/fo/et/thread=7340
>  
> http://www.idug.org/p/fo/et/thread=22820&post=87460#p87460
>  
>  
>  
> Lizette
>  
>  
> From: william janulin [mailto:[login to unmask email] Sent: Friday, July 21, 2017
> 10:32 AM To: Lizette Koehler <[login to unmask email]> Subject: [DB2-L] - BIND
> ERROR question
>  
> To list;
>  
> I got a user who reported the following:
>  
> READY                            
>                                                                                                    
> DSN SYSTEM(D20K
> )                                                                                                                   
> DSN                  
>                                                                                                                
>  BIND PACKAGE(DB2PK001) OWNER(DBAGRP) QUALIFIER(SHELTRP)
> RELEASE(COMMIT) SQLERROR(NOPACKAGE) ACTION(REPLACE)
> CURRENTDATA(NO) DEGREE(1
> ) DYNAMICRULES(RUN) EXPLAIN(NO) FLAG(I) ISOLATION(CS)
> VALIDATE(RUN) ENABLE(*) MEMBER(DB2PK001)                                      
> DSNT212I  -D20K BIND AUTHORIZATION ID DBAGRP IN THE OWNER
> KEYWORD                                                                    
>            IS
> INVALID                                                                                                               
> DSNT233I  -D20K UNSUCCESSFUL BIND
> FOR                                                                                                
>            PACKAGE = D20K.DB2PK001.DB2PK001.()                                        
>  
> Note - RACF is not involved on this one. Do I need to do a GRANT BIND on
> PACKAGE DB2PK001.*  to DBAGRP?
> Thks,
>  Bill J.
>