Limit the use of the .AUTH Command in RC/Migrator migration strategies
search cancel

Limit the use of the .AUTH Command in RC/Migrator migration strategies

book

Article ID: 53093

calendar_today

Updated On:

Products

RC/Migrator for DB2 for z/OS RC Compare for DB2 for z/OS Database Management for DB2 for z/OS - Administration Suite Database Management for DB2 for z/OS - Performance Suite Database Management for DB2 for z/OS - Recovery Suite Database Management for DB2 for z/OS - SQL Performance Suite Database Management for DB2 for z/OS - Utilities Suite DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS

Issue/Introduction

The Database Management for Db2 for z/OS .AUTH command switches authorization IDs during processing. For example, if the .AUTH is set to
the authorization ID having SYSADM authority and the migration strategy is submitted with an ID that does not have SYSADM authority, the objects will be created.

To limit the use of the .AUTH statement, a security exit must be used.

Resolution

The .AUTH command can be used to switch to an ID authorized to perform a specific SQL statement. To control the users who can perform authorization ID switching, a security exit is provided.

A security exit is called for every Batch Processor command that provides access or authority to a resource.

EXIT01 is a supplied exit routine that can be edited and enhanced to control the users that can execute the .AUTH command. This routine is called when the .AUTH command is executed.


Specifics on the use of the EXIT01 security exit can be found in the Database Management for Db2 for z/OS documentation:

Configure the Batch Processor

Powered by Wolken Software