ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Restricting use to only data extract/masking

book

Article ID: 222169

calendar_today

Updated On:

Products

Database Management for DB2 for z/OS - Administration Suite

Issue/Introduction

The users of CA-TDM want to use RI Manager to define rules for extracting/masking Production data. 

So how to ensure they will not be allowed to do anything other than this (i.e. not be able to define any actual RI within Db2). 

Is it actually possible to restrict the use of RI Manager to just the ability to define rules "outside of Db2" for when extracting/masking data only.

 

Environment

Release : 20.0

Component : CA RI Manager for DB2 for z/OS

Resolution

The duties cannot be separated  


If you don't have the underlying auth to create System Defined RI (ALTER TABLE AUTH) 
you can only create User Defined RI.

If you have EXECUTE auth, you will be able to create RCX strategies - 
but if you don't have SELECT AUTH you won't be able to extract data.