What happens if the Database Management for Db2 for z/OS resource is not granted but resource group is defined?
For example, CADB2 is defined, but the CONNECT.AUTH.USERID is not granted? Will it prevent access to batch?
What happens if CADB2 is not defined? Will it prevent access to the resource?
Component : Execution Manager
If the resource is not granted then the functionality that resource is being checked for will not work. This include if CADB2 is not defined.
SAF-based security resource checks are required for the following product features and functions: Batch Processor interface exit processing
for BPAEXIT1 to permit use of Db2 secondary IDs. Explain functions in Plan Analyzer.
To permit users to execute these functions and components using SAF-based resource checks, complete the following steps:
Define the CADB2 resource class name.
(CADB2 is predefined in ACF2).
Permit READ access for the user. The following entities can be specified:
CONNECT.AUTH.userid
Permits the use of Db2 secondary IDs with the Batch Processor .AUTH command(BPAEXIT).
CONNECT.EXPLAIN.userid
Permits use of the EXPLAIN functions in Plan Analyzer, where userid is the value that is specified in the Primary AUTHID explain option.