The userid for the Db2 ADMT PROC requires PTKTDATA privileges granted by the RACF syntax in SDSNSAMP(DSNTIJRA). What is the ACF2 equivalent of the DSNTIJRA RACF syntax for passtickets?
//*********************************************************************
//* Allow use of PASSTICKETS for the DB2 admin scheduler started task
//*********************************************************************
//DSNADSP EXEC DSNTSOB,COND=(4,LT)
//SYSTSIN DD *
//*### Activate the RACF general resource class PTKTDATA:
// DD *
SETROPTS CLASSACT(PTKTDATA)
SETROPTS RACLIST(PTKTDATA)
SETROPTS GENERIC(PTKTDATA) GENCMD(PTKTDATA)
ACF2 equivalent:
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RPTK) ADD
F ACF2,REFRESH(INFODIR)
//*### Define a profile for the admin scheduler startup proc, !DSNADMT!:
// DD *
RDEFINE PTKTDATA IRRPTAUTH.!DSNADMT!.* UACC(NONE)
RDEFINE PTKTDATA !DSNADMT! +
SSIGNON(KEYMASKED(CACD4AD6D79ECA71)) +
UACC(NONE) APPLDATA('NO REPLAY PROTECTION')
PERMIT IRRPTAUTH.!DSNADMT!.* CL(PTKTDATA) +
ID(!STARTUID!) ACCESS(UPDATE)
PERMIT !DSNADMT! CL(PTKTDATA) +
ID(!STARTUID!) ACCESS(UPDATE)
SETROPTS RACLIST (PTKTDATA) REFRESH
SETROPTS RACLIST (FACILITY) REFRESH
SETROPTS REFRESH GENERIC(*) RACLIST(PTKTDATA)
//*
ACF2 equivalent:
SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
INSERT !DSNADMT! SSKEY(CACD4AD6D79ECA71) MULT-USE
F ACF2,REBUILD(PTK),CLASS(P)
SET R(PTK)
RECKEY IRRPTAUTH ADD( !DSNADMT!.- UID(!STARTUID!) SERVICE(READ,UPDATE) ALLOW)
RECKEY !DSNADMT! ADD( - UID(!STARTUID!) SERVICE(READ,UPDATE) ALLOW)
F ACF2,REBUILD(PTK)
Note: Verify your GSO OPTS setting for PTKRESCK|NOPTKRESCK. This option specifies whether a FASTAUTH resource validation check is made to verify that a user has the appropriate authority to generate a PassTicket for a specific user and application. If NOPTKRESCK is specified, this section can be ignored. If PTKRESCK is specified, the following must also be added:
SET R(PTK)
RECKEY PTKTGEN ADD( applid.userid UID(!STARTUID!) ALLOW)
F ACF2,REBUILD(PTK)
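
The RACF-to-ACF2 mapping above, written out as a small translator. This is an added example, not code from IBM or Broadcom. It handles only the command shapes shown on this page, and the names RACF_SAMPLE, join_continuations and racf_to_acf2 are hypothetical.

```python
import re

# Constructed input: the RACF commands of the DSNTIJRA step quoted above,
# with the !DSNADMT! and !STARTUID! placeholders left unresolved.
RACF_SAMPLE = """\
RDEFINE PTKTDATA IRRPTAUTH.!DSNADMT!.* UACC(NONE)
RDEFINE PTKTDATA !DSNADMT! +
  SSIGNON(KEYMASKED(CACD4AD6D79ECA71)) +
  UACC(NONE) APPLDATA('NO REPLAY PROTECTION')
PERMIT IRRPTAUTH.!DSNADMT!.* CL(PTKTDATA) +
  ID(!STARTUID!) ACCESS(UPDATE)
PERMIT !DSNADMT! CL(PTKTDATA) +
  ID(!STARTUID!) ACCESS(UPDATE)
"""

def join_continuations(text):
    """Merge TSO lines ending in '+' with the next line; collapse whitespace."""
    joined = re.sub(r"\+[ \t]*\n", " ", text)
    return [re.sub(r"\s+", " ", ln).strip() for ln in joined.splitlines() if ln.strip()]

def racf_to_acf2(text):
    """Map PTKTDATA RDEFINE/PERMIT commands to the ACF2 forms shown on this page."""
    profiles, rules = [], []
    for cmd in join_continuations(text):
        # Key-bearing profile -> INSERT in the PTKTDATA/SSIGNON profile division.
        m = re.match(r"RDEFINE PTKTDATA (\S+) .*KEYMASKED\((\w+)\)", cmd)
        if m:
            appl, sskey = m.groups()
            # The page pairs APPLDATA('NO REPLAY PROTECTION') with MULT-USE.
            reuse = " MULT-USE" if "NO REPLAY PROTECTION" in cmd else ""
            profiles.append(f"INSERT {appl} SSKEY({sskey}){reuse}")
            continue
        # PERMIT ... ACCESS(UPDATE) -> PTK resource rule with SERVICE(READ,UPDATE).
        m = re.match(r"PERMIT (\S+) CL\(PTKTDATA\) ID\((\S+?)\) ACCESS\(UPDATE\)", cmd)
        if m:
            res, uid = m.groups()
            if res.startswith("IRRPTAUTH."):
                # IRRPTAUTH.appl.* becomes key IRRPTAUTH with rule mask appl.-
                reckey = "IRRPTAUTH"
                mask = re.sub(r"\.\*$", "", res[len("IRRPTAUTH."):]) + ".-"
            else:
                reckey, mask = res, "-"
            rules.append(f"RECKEY {reckey} ADD( {mask} UID({uid}) SERVICE(READ,UPDATE) ALLOW)")
    if not (profiles or rules):
        return []
    return ["SET PROFILE(PTKTDATA) DIVISION(SSIGNON)", *profiles,
            "F ACF2,REBUILD(PTK),CLASS(P)", "SET R(PTK)", *rules,
            "F ACF2,REBUILD(PTK)"]

if __name__ == "__main__":
    print("\n".join(racf_to_acf2(RACF_SAMPLE)))
```

The RDEFINE for IRRPTAUTH.!DSNADMT!.* has no separate ACF2 command in the output because the RECKEY IRRPTAUTH rule covers it; the PTKRESCK rule described in the note is not generated.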