Add TBL access for a particular ACF2 LID when there are many rules

Article ID: 278553

Updated On:

Products

ACF2 - DB2 Option, ACF2, ACF2 - MISC, ACF2 - z/OS

Issue/Introduction

Where there are hundreds of ACF2 for Db2 TBL rules for a production DB2 subsystem, how can access be granted for a particular LID that is generating violations?
 
Is there any way to define a 'global' TBL rule that would allow access for this particular LID without having to update the many hundreds of specific TBL rules?
 
Also, what is the best practice for coding these rules for DB2 tables?

 

Resolution

There are a few different options available:

  1. Rather than coding TYPE(TBL) rules where the $KEYs contain fully qualified table names, code an extended resource rule where the first qualifier of the resource name (or a resource name mask) is the $KEY value and the remainder of the resource name (or a resource name mask) is specified in individual rule lines. For example:

    $KEY(HHH) TYPE(TBL) SYSID(ssid)
    ACCESS UID(user1) SERVICE(SELECT) ALLOW   
    ACCESS UID(user2) SERVICE(SELECT) ALLOW 
    .. ..
    .. ..   
    ACCOUNT UID(user3) SERVICE(SELECT) ALLOW 
    ACCOUNT UID(user4) SERVICE(SELECT) ALLOW 
    .. ..
    .. ..   
    - UID(UID of the LID getting violations) SERVICE(SELECT) ALLOW
        
  2. Use of DB2 Secondary AuthIds 

  3. Use of an ACF2 Resource Prevalidation or Postvalidation Exit
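
Option 1 as an added Python sketch (not code from the original article or from the vendor): it regroups fully qualified TBL entries under a first-qualifier `$KEY`, appends the `-` mask line for one UID, and returns the known tables that line opens up so the grant can be reviewed before the rule set is compiled. The entry tuples, the `consolidate` function and the `UIDSTRING` value are assumptions made for illustration; the generated text copies only the syntax shown in the example above.

```python
from collections import defaultdict

# Constructed sample: existing fully qualified TBL rules as (table, uid, service).
EXISTING = [
    ("HHH.ACCESS", "user1", "SELECT"),
    ("HHH.ACCESS", "user2", "SELECT"),
    ("HHH.ACCOUNT", "user3", "SELECT"),
    ("HHH.ACCOUNT", "user4", "SELECT"),
    ("PAY.SALARY", "user5", "SELECT"),
]


def consolidate(entries, ssid, grant_uid=None, grant_keys=(), service="SELECT"):
    """Group entries by first qualifier and render one rule set per $KEY.

    Returns (rule_sets, exposed):
      rule_sets - rule text per qualifier, in the layout of the article's example
      exposed   - per qualifier, the known tables the '-' mask line opens to
                  grant_uid (the mask also matches tables created later)
    """
    by_key = defaultdict(list)
    for table, uid, svc in entries:
        key, _, rest = table.partition(".")
        if not key or not rest:
            raise ValueError(f"not a qualified table name: {table!r}")
        by_key[key].append((rest, uid, svc))

    # A qualifier that receives the grant gets a rule set even with no entries.
    for key in grant_keys:
        by_key[key]

    rule_sets, exposed = {}, {}
    for key, lines in by_key.items():
        out = [f"$KEY({key}) TYPE(TBL) SYSID({ssid})"]
        out += [f"{rest} UID({uid}) SERVICE({svc}) ALLOW"
                for rest, uid, svc in sorted(lines)]
        if grant_uid and key in grant_keys:
            # Mask line last, as in the article: one line covers the qualifier.
            out.append(f"- UID({grant_uid}) SERVICE({service}) ALLOW")
            exposed[key] = sorted({f"{key}.{rest}" for rest, _, _ in lines})
        rule_sets[key] = "\n".join(out)
    return rule_sets, exposed


if __name__ == "__main__":
    # UIDSTRING is a constructed placeholder for the UID of the LID in question.
    sets, exposed = consolidate(EXISTING, "ssid", "UIDSTRING", grant_keys=("HHH",))
    print(sets["HHH"])
    print("Known tables now readable by UIDSTRING:", exposed["HHH"])
```

Limiting `grant_keys` to the qualifiers that actually produce violations keeps the mask line from granting SELECT across unrelated table owners.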