CA SymDump for CICS and CA InterTest for CICS can get AD2U abends when trying to capture or display the LASTSQL statement.

Document ID : KB000050411
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

With CA SymDump for CICS, when attempting to capture the LASTSQL statement, an AD2U can occur if proper authorization is not granted to the CICS DB2 plan (IN85PLAN).

As described in the CICS Transaction Server Resource Definition Guide, A DB2ENTRY defines the attributes of entry threads used by the CICS DB2 attachment facility. The AUTHTYPE within the DB2ENTRY definition defaults to USERID, which indicates the USERID associated with the CICS transaction is used as the authorization ID. This requires that each USERID be granted DB2 EXECUTE authority to the IN85PLAN.

However, the AUTHTYPE within the DB2ENTRY definition can be set to TX, which specifies the transaction identification as the authorization ID. Using this AUTHTYPE only requires the internal CA SymDump for CICS transaction to capture the LASTSQL (SYMD) be granted EXECUTE authority.
Note: This internal transaction ID default is SYMD; however, it can be changed via IN25OPTS. The transaction ID to be granted DB2 EXECUTE authority to the IN85PLAN must match this internal transaction.

With CA InterTest for CICS, when attempting to display the LASTSQL statement via the CORE command (CORE=LASTSQL) while at a breakpoint, an AD2U can occur if proper authorization is not granted to the CICS DB2 plan (IN85PLAN).

If the AUTHTYPE within the DB2ENTRY definition is set to TX, which specifies the transaction identification as the authorization ID, then the internal CA InterTest for CICS transaction used for handling breakpoints (VTAT) must be granted EXECUTE authority.

Note: This internal transaction ID default is VTAT; however, it can be changed via IN25OPTS. The transaction ID to be granted DB2 EXECUTE authority to the IN85PLAN must match this internal transaction.

Solution:

This sample JCL can be used to define a DB2ENTRY with AUTHTYPE set to TX:

//JOBCARD  JOB                                                   
//STEPIN01 EXEC PGM=DFHCSDUP,PARM='CSD(READWRITE)',REGION=1M     
//STEPLIB  DD  DSN=your.CICS.SDFHLOAD,DISP=SHR                   
//SYSPRINT DD  SYSOUT=*                                          
//DFHCSD   DD  DSN=your.CICS.DFHCSD,DISP=SHR                     
//SYSIN    DD  *                                                 
  DEFINE DB2ENTRY(IN85PLAN) GROUP(yourgrp) PLAN(IN85PLAN)        
         AUTHTYPE(TX)                                            
         DESCRIPTION(INTERTEST 8.5 DB2 ENTRY)                    
/*

This sample JCL can be used to grant SYMD and/or VTAT execute authority to plan IN85PLAN:

//JOBCARD JOB                                                         
//RESEWTBS EXEC PGM=IKJEFT01,DYNAMNBR=20                               
//STEPLIB  DD  DISP=SHR,DSN=your.DB2.SDSNLOAD                      
//SYSTSPRT DD  SYSOUT=*                                                
//SYSPRINT DD  SYSOUT=*                                                
//SYSUDUMP DD  SYSOUT=*                                                
//SYSIN    DD  *                                                       
  GRANT EXECUTE ON PLAN IN85PLAN TO SYMD;   
  GRANT EXECUTE ON PLAN IN85PLAN TO VTAT;                                                         
//SYSTSIN  DD  *                                                       
 DSN SYSTEM(D81A)            <<< THIS IS YOUR DB2 SYSTEM ID       
 RUN PROGRAM(DSNTEP2) -                                                
   PLAN(DSNTEP81) -          <<< THIS IS YOUR DB2 PLAN FOR DSNTEP2
   LIB('D81A.RUNLIB.LOAD')   <<< THIS IS YOUR DB2 RUNLIB          
  END                                                                  
/* 

This sample JCL can be used to display who/what has EXECUTE Authority to the IN85PLAN.
The SYSPRINT report will show EXECUTEAUTH for each GRANTEE.
G or Y in the EXECUTEAUTH column indicates the GRANTEE has access.

//JOBCARD JOB  
//RESEWTBS EXEC PGM=IKJEFT01,DYNAMNBR=20                                
//STEPLIB  DD  DISP=SHR,DSN=your.DB2.SDSNLOAD                         
//SYSTSPRT DD  SYSOUT=*                                                 
//SYSPRINT DD  SYSOUT=*                                                 
//SYSUDUMP DD  SYSOUT=*                                                 
//SYSIN    DD  *                                                        
  SELECT * FROM SYSIBM.SYSPLANAUTH WHERE NAME = 'IN85PLAN'              
//SYSTSIN  DD  *                                                        
 DSN SYSTEM(D81A)            <<< THIS IS YOUR DB2 SYSTEM ID        
 RUN PROGRAM(DSNTEP2) -                                                 
   PLAN(DSNTEP81) -          <<< THIS IS YOUR DB2 PLAN FOR DSNTEP2 
   LIB('D81A.RUNLIB.LOAD')   <<< THIS IS YOUR DB2 RUNLIB           
  END                                                                   
/*