Contents:

• dbbexp
• dbcfix
• dbdumpcat
• dbexport
• dbfsck
• dbinfo
• dbkeyutil
• dbrepl
• dbtables
• dbutil
• fwaudit
• prschema
• query3k

Overview

Summary of database utility changes/enhancements:

• dbutil has been enhanced to support item masking and item encryption.

• dbctl has been enhanced for encryption status and key management.

• The dbkeyutil utility was added to support item encryption.

• dbbexp, dbcfix, and fwaudit have been enhanced for item encryption.

• dbutil and dbdumpcat were enhanced for password change timestamp.

dbbexp

• The dbbexp utility does support supplying a master key to access encrypted content. When the -M command line option is present, the EQ_MKEYID and EQ_MKEYFILE environment variables are used to provide master key(s) to access encrypted data.

  Please notice that data exported by the dbbexp utility is not encrypted.

dbcfix

• The dbcfix utility does support supplying a master key to access encrypted content. When the -M command line option is present, the EQ_MKEYID and EQ_MKEYFILE environment variables are used to provide master key(s) to access encrypted data.

• The dbcfix utility was changed to use stdout as the default output for results. Previous versions required to specify a log file.

• Display of verbose progress is disabled unless a log file is specified.

dbdumpcat

• dbdumpcat was enhanced to output timestamps as date.

  By default (when not using the -n option), a timestamp is output as a human readable date (YYYY-MM-DD format). When the -n option is preset, a timestamp is output as a UNIX date value (seconds since epoch).

  This currently affects the tspw column of the sysuser catalog table and the tskey column of the syskey catalog table.

dbexport

• The new -m command line option may be used to specify the DBOPEN mode. By default, DBOPEN mode 9 is used (read-only/shared).

• Added a warning message if data is masked or not available due to a missing master key.

• Clarified wording of warning message when encountering a corrupted P/Z item value

dbfsck

• The dbfsck utility was enhanced to detect and fix broken links in the FixRec free-list.

• A 64 bit dbfsck build is now available for the HP-UX (PA-RISC 2.0 and Itanium) and Windows platforms.

  Large database environment sizes (approximately above 400 GB) may require the 64 bit dbfsck version to overcome a 32 bit address space limitation. If the 32 bit dbfsck issues a memory allocation failure, the 64 bit dbfsck should be used.

  On Linux, the x86_64 and ia64 builds provide a 64 bit dbfsck, while the i686 build provides a 32 bit dbfsck.

• The dbfsck memory requirement has been significantly reduced. This causes a noticable improvement of the pass 1 runtime and allows to use dbfsck on large database environments.

• Progress information has been added which is output when the -v command line option is specified. If enabled, progress info is output every minute to stdout.

  For example, the command line below redirects dbfsck messages to a log file while progress info is output to the terminal:

  dbfsck -v 2>dbfsck.log
  
  Example output:
  Processed 222437 of 556094 pages (40%)
  

  Progress information output is suppressed if pass 1 is skipped.

dbinfo

• The new -m command line option may be used to specify the DBOPEN mode. By default, DBOPEN mode 9 is used (read-only/shared).

dbkeyutil

• The dbkeyutil utility was added to support item encryption.

dbrepl

• The dbrepl utility now issues an additional exit code 3 in case a connection problem is detected, for example if the replication slave server is temporarily unavailable.

  The exit codes issued by dbrepl are:

  0 - successful execution, graceful exit

  (will only be issued if the -S or -G command line option is used and dbrepl executed normally until the existing log or the current generation has been processed)

  1 - failure, typically requires manual intervention

  (for example, a configuration problem on the replication master or slave servers)

  2 - invalid or -help command line option

  (the command line usage was output)

  3 - connection problem

  (could not connect or lost the connection to the replication slave server)

  Exit code 3 may be used in a script to retry the dbrepl invocation. Preferably, repeated invocations should be appropriately delayed, for example by sleeping 60 seconds between two invocations.

• Added a fallback to DBOPEN mode 8 when an encrypted database is not available.

dbutil

• The dbutil utility was enhanced to support item masking.

• The dbutil utility was enhanced to support item encryption.

• Support hidden entry of user passwords in the user properties dialog. The password needs to be entered twice and both fields need to match.

• Added support for user password change timestamp. This is output in the user properties dialog.

• Improved checks if attempting to grant privileges exceeding own or changing more privileged users. This complements the server verification and provides better error messages.

• The dbutil utility was enhanced to support the operator user property (both interactive and in batch use).

• Added CHANGE PATH syntax to CHANGE SET command.

  The CHANGE PATH clause may be used to change an existing path in a detail set. Currently, only the sort item definition may be changed.

  For example:

  CHANGE SET "orders"
    CHANGE PATH customer-no(customers(ORDER-DATE)));
  

• Added CHANGE SET TYPE syntax.

  The CHANGE SET TYPE clause may be used to change set type between automatic and manual master. It only applies to manual and automatic master sets.

  For example:

  CHANGE SET "auto" TYPE AUTOMATIC;
  

• Show set permissions (read, write, erase) in list screen when maintaining database security.

• Improved error message when restructuring process in the server fails.

• Changed indication of group capabilities in the group list. "A" indicates DADMIN and "P" indicates DBPRIV capability.

• The ORDER ITEMS BY NAME statement may be used to order the items by name.

  ORDER ITEMS BY NAME;
  

  The CHANGE ITEM syntax was enhanced to support changing the item order. The ORDER BEFORE|AFTER clause may be used to specify the new item position, relative to another item.

  CHANGE ITEM NAME2 ORDER AFTER NAME1;
  CHANGE ITEM CUSTNO ORDER BEFORE NAME1;
  

  The CREATE ITEM syntax was enhanced to support specifying the item order. The BEFORE|AFTER clause may be used to specify the new item position, relative to another item. If not specified, items are added at the end.

  CREATE ITEM NAME2,X30 AFTER NAME1;
  

fwaudit

• The fwaudit utility does support supplying a master key to access encrypted content. When the -M command line option is present, the EQ_MKEYID and EQ_MKEYFILE environment variables are used to provide master key(s) to access encrypted data. This requires the master key file(s) to be present and a passphrase for each master key id must be entered upon start.

  EQ_MKEYID specifies a colon separated list of master key id's. Up to 6 master key id's may be present.
  EQ_MKEYFILE specifies a colon separated list of master key files. Up to 3 key files may be specified. The default key file is eqdb.key.

  For example:

  export EQ_MKEYID=test:test2
  export EQ_MKEYFILE=test.key
  fwaudit ... -M ...
  

  This would prompt for the passphrases for the listed master keys and gain access to data protected with the master key.

• When processing an audit file, any comment records are now output to stderr, no longer to stdout.

  Audit comment records are used to record any problems that may have occurred while the original forward-log was processed. When an archived audit file is later used with fwaudit, these comment record messages are now output to stderr. Previously they were output to stdout along with the clear-text report.

  In addition, the warning messages written to comment records have been revised so that they now clearly indicate that they were created while the original forward-log was processed.

• Added a fallback to DBOPEN mode 8 when an encrypted database is not available.

query3k

• The QUERY3K utility was changed to ignore a FF character (formfeed, 0x0c) if it is the first character in an input line. This allows to use QUERY3K output files with XEQ. Previous versions of QUERY3K failed with a syntax error.

  The QUERY3K REPORT command uses a FF character to indicate a new page in its output. This makes it difficult to use a QUERY3K report subsequently in an XEQ statement without disabling the paging (option NOPAGE or SET LINES=0). However, this was possible on MPE.