What SAF based resource checks are provided for RC/Merger?
The RC/Merger SAF-based resource checks are desribed as follows:
RCMIGRAT.RCMERGER.STOP.START.ssid.dbname.dbcreator
Determines whether to use the dbcreator or the primary user ID to stop and start the database on the subsystem. The call to stop and start the database occurs during execution of the RCMERGER DATASET statement. If dbcreator is not specified in the analysis options, dbcreator is the database owner (CREATOR value from SYSIBM.SYSDATABASE).
If dbcreator is equivalent to the primary user ID or blank, no resource check is made and the primary user ID is used to start and stop the database. If the resource check is unsuccessful, the primary user ID is used to stop and start the database. If the resource check is successful, the dbcreator is used to stop and start the database.
RCMIGRAT.RCMERGER.VSAM.Db2.USERID
Permits use of the DBM1 address space user ID to copy the VSAM space objects. This authorization is used to read source objects and write target objects. If the check is unsuccessful, the ID of the user who submitted the move analysis script for execution is used for authorization.
The needed security access can be created as follows:
1. Define CADB2 resource class to your security product.
2. Permit appropriate users to the new ENTITIES:
- RCMIGRAT.RCMERGER.STOP.START.ssid.dbname.dbcreator
- RCMIGRAT.RCMERGER.VSAM.DB2.USERID
ssid: The SSID where we are going to do the STOP/START. Can be
wildcarded.
dbname: The database name of the object we are going to STOP/START.
Can be wildcarded.
dbcreator: Either the CREATOR of the database or the user-id
provided in the Analysis Options. Can be wildcarded.
We provide sample RACF commands in the Installation documentation here.
You need to define the CADB2 resource class if not already defined and then grant user access to the RCMIGRAT.RCMERGER. entities listed above.
The RC/Merger SAF-based resource checks are documented here.