RC/Merger SAF-based security authorizations
search cancel

RC/Merger SAF-based security authorizations

book

Article ID: 277057

calendar_today

Updated On:

Products

RC/Migrator for DB2 for z/OS

Issue/Introduction

What SAF based resource checks are provided for RC/Merger?

Resolution

The RC/Merger SAF-based resource checks are desribed as follows:

RCMIGRAT.RCMERGER.STOP.START.ssid.dbname.dbcreator

Determines whether to use the dbcreator or the primary user ID to stop and start the database on the subsystem. The call to stop and start the database occurs during execution of the RCMERGER DATASET statement. If dbcreator is not specified in the analysis options, dbcreator is the database owner (CREATOR value from SYSIBM.SYSDATABASE).

If dbcreator is equivalent to the primary user ID or blank, no resource check is made and the primary user ID is used to start and stop the database. If the resource check is unsuccessful, the primary user ID is used to stop and start the database. If the resource check is successful, the dbcreator is used to stop and start the database.

RCMIGRAT.RCMERGER.VSAM.Db2.USERID

Permits use of the DBM1 address space user ID to copy the VSAM space objects. This authorization is used to read source objects and write target objects. If the check is unsuccessful, the ID of the user who submitted the move analysis script for execution is used for authorization.

The needed security access can be created as follows:               
                                                                    
1. Define CADB2 resource class to your security product.            
2. Permit appropriate users to the new ENTITIES:                    
   - RCMIGRAT.RCMERGER.STOP.START.ssid.dbname.dbcreator             
   - RCMIGRAT.RCMERGER.VSAM.DB2.USERID                              
                                                                    
 ssid: The SSID where we are going to do the STOP/START. Can be   
 wildcarded.                                                        
                                                                    
 dbname: The database name of the object we are going to STOP/START.
 Can be wildcarded.                                               
                                                                    
 dbcreator: Either the CREATOR of the database or the user-id       
 provided in the Analysis Options. Can be wildcarded.             

We provide sample RACF commands in the Installation documentation here.

You need to define the CADB2 resource class if not already defined and then grant user access to the RCMIGRAT.RCMERGER. entities listed above.

Additional Information

The RC/Merger SAF-based resource checks are documented here.

Powered by Wolken Software