ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What happens if CADB2 is not defined? Will it prevent access to the resources?

book

Article ID: 240731

calendar_today

Updated On:

Products

Detector for DB2 for z/OS Database Management for DB2 for z/OS - Administration Suite Database Management for DB2 for z/OS - Performance Suite Database Management for DB2 for z/OS - Recovery Suite Database Management for DB2 for z/OS - SQL Performance Suite Database Management for DB2 for z/OS - Utilities Suite

Issue/Introduction

What happens if a resource is not granted but resource group is defined? I.E say CADB2 is defined, but the CONNECT.AUTH.USERID is not granted? Will it prevent access to bacth? What happens if CADB2 is not defined? Will it prevent access to the resource? 

 

 

 

Environment

Release : 20.0

Component : Execution Manager

Resolution

If resource is not granted then the functionality that resource is being checked for will not work. This include if CADB2 is not defined. SAF-based security resource checks are required for the following product features and functions: Batch Processor interface exit processing for BPAEXIT1 to permit use of Db2 secondary IDs. Explain functions in Plan Analyer.

To permit users to execute these functions and components using SAF-based resource checks, complete the following steps:

Define the CADB2 resource class name.

(CADB2 is predefined in ACF2).

Permit READ access for the user. The following entities can be specified:

CONNECT.AUTH.userid

Permits the use of Db2 secondary IDs with the Batch Processor .AUTH command(BPAEXIT).

CONNECT.EXPLAIN.userid

Permits use of the EXPLAIN functions in Plan Analyzer, where userid is the value that is specified in the Primary AUTHID explain option.