How can I limit the use of the .AUTH Command in Migration Strategies?

book

Article ID: 53093

calendar_today

Updated On:

Products

CA RC/Migrator CA Endevor SCM Interface DB2 Administration CA RC Compare for DB2 for z/OS CA RC Extract for DB2 for z/OS CA RC/Query CA RC Secure for DB2 for z/OS CA RC Update for DB2 for z/OS

Issue/Introduction

Description:

The .AUTH command lets you switch authorization IDs during processing. For example, if the .AUTH is set to the authorization ID with SYSADM authority and the migration strategy is submitted with an ID that does not have SYSADM authority, the objects will be created. To limit the use of the .AUTH statement, a security exit will need to be used.

Solution:

The .AUTH command can be used to switch to an ID authorized to perform a specific SQL statement. To control the users who can perform authorization ID switching, a security exit will need to be provided. A security exit is called for every Batch Processor command that provides access or authority to a resource. EXIT01 is a supplied exit routine that can be edited and enhanced to control the users that can execute the .AUTH command. This routine is called when the .AUTH command is executed.

Specifics on the use of the EXIT01 security exit can be found in the Batch Processor Reference Guide, Appendix A: Using the Security Exits.

Environment

Release:
Component: RCM