Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Top 10 DB2 Support Nightmares #1


Published on

Join us (if you dare!) as the DB2 Geek takes us on a tour of his Top 10 DB2 Support Nightmares.

Published in: Technology
  • ⇒ ⇐ This service will write as best as they can. So you do not need to waste the time on rewritings.
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Top 10 DB2 Support Nightmares #1

  1. 1. Top 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 Support Nightmares & How toNightmares & How toNightmares & How toNightmares & How to Avoid ThemAvoid ThemAvoid ThemAvoid Them #1#1#1#1
  2. 2. Part 1 - Unintended Consequences A Junior DBA connects to the wrong system to clear down a table Image of a junior DBA
  3. 3. Data column 1 Data column 2 Data column 3 5645681356 ERTRGFD455 3985223 3526412541 GOGTNBSZ88 3212587 5498741355 YKMHNBIH91 6887119 8789781155 KOVUSDHA24 5645410 2125541101 KTJTKHJKIH91 9832546 4658786412 PKJDSHAGB58 2121005 6587441147 FNGJHGFUG93 9741248 All the rows in a critical table in a pre- production environment are deleted!
  4. 4. The Technical Bit • The Junior DBA connected to the wrong system by mistake, using instance owner userid • The System Administrator had been trying to get federation to work, and in addition to enabling the FEDERATED database manager parameter, the FED_NOAUTH (bypass federated authentication) parameter had also been set to YES. • When FED_NOAUTH is set to YES, FEDERATED is set to YES, and authentication is set to SERVER or SERVER_ENCRYPT, then authentication at the instance is bypassed, as it is assumed that authentication will happen at the data source. • So, it was possible to connect to the database as any user without having to get the password right! Once connected to the database, you only had access to the tables that the user (group) had access to. However, this meant if anyone got the right username for the DB2 instance owner then they could select/add/delete any data they liked!
  5. 5. The Moral of the Story Never underestimate the law of Unintended Consequences! What you’re doing in one part of the database may have far reaching effects. DB2 can be a complex beast! A little knowledge is dangerous. Fiddling with settings can cause all sorts of problems. Don’t underestimate the need for a skilled DB2 support.
  6. 6.
  7. 7. Slide 6 U1 Make this image a full page with the triton logo and contact details User, 24/02/2014