Top 10 DB2 Support Nightmares & How to Avoid Them
Part 1 - Unintended Consequences
A Junior DBA connects to the wrong system to
clear down a table
[Figure: a junior DBA beside a sample table with the columns "Data column 1", "Data column 2" and "Data column 3"]
All the rows in a critical table in a pre-production environment are deleted!
The Technical Bit
• The Junior DBA connected to the wrong system by mistake, using instance
• The System Administrator had been trying to get federation to work, and in
addition to enabling the FEDERATED database manager parameter, the
FED_NOAUTH (bypass federated authentication) parameter had also been set.
• When FED_NOAUTH is set to YES, FEDERATED is set to YES, and authentication
is set to SERVER or SERVER_ENCRYPT, then authentication at the instance is
bypassed, as it is assumed that authentication will happen at the data source.
• So, it was possible to connect to the database as any user without having to get
the password right! Once connected to the database, you only had access to
the tables that the user (group) had access to. However, this meant if anyone
got the right username for the DB2 instance owner then they could
select/add/delete any data they liked!
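A configuration check for the three parameters described above, as an added example that is not part of the original slides. It reads `db2 get dbm cfg` text on stdin; the function names, the BYPASS/LATENT/OK verdicts and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Reads `db2 get dbm cfg` text on stdin and reports whether the
# FED_NOAUTH bypass is in effect. Exit status: 2 BYPASS, 1 LATENT, 0 OK.
fed_noauth_audit() {
    awk '
    # Config lines look like: " Description text   (PARAM) = VALUE"
    match($0, /\([A-Z_]+\) = /) {
        name = substr($0, RSTART + 1, RLENGTH - 5)
        value = toupper(substr($0, RSTART + RLENGTH))
        gsub(/[ \t\r]+$/, "", value)   # drop trailing blanks and any CR
        cfg[name] = value
    }
    END {
        auth = cfg["AUTHENTICATION"]; fed = cfg["FEDERATED"]; noauth = cfg["FED_NOAUTH"]
        seen = "AUTHENTICATION=" auth " FEDERATED=" fed " FED_NOAUTH=" noauth
        server_auth = (auth == "SERVER" || auth == "SERVER_ENCRYPT")
        if (noauth == "YES" && fed == "YES" && server_auth) {
            print "BYPASS " seen       # instance-level authentication is skipped
            exit 2
        }
        if (noauth == "YES") {
            print "LATENT " seen       # bypass switch is on; other conditions not all met
            exit 1
        }
        print "OK " seen
    }'
}

# Constructed sample of the three relevant configuration lines.
# Arguments: AUTHENTICATION, FEDERATED, FED_NOAUTH values.
sample_dbm_cfg() {
    printf ' Database manager authentication        (AUTHENTICATION) = %s\n' "$1"
    printf ' Federated Database System Support           (FEDERATED) = %s\n' "$2"
    printf ' Bypass federated authentication            (FED_NOAUTH) = %s\n' "$3"
}

# Demo on the constructed input matching the incident described above.
sample_dbm_cfg SERVER YES YES | fed_noauth_audit || echo "review needed (exit status $?)"
```

On a live instance, pipe the output of `db2 get dbm cfg` into `fed_noauth_audit` and treat any non-zero exit status as a finding.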
The Moral of the Story
Never underestimate the law of Unintended Consequences!
What you’re doing in one part of the database may have far
DB2 can be a complex beast! A little knowledge is dangerous.
Fiddling with settings can cause all sorts of problems.
Don’t underestimate the need for skilled DB2 support.