ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

RC/Migrator for DB2 for Z/OS : Limit the use of the .AUTH Command in Migration Strategies?

book

Article ID: 53093

calendar_today

Updated On:

Products

RC Compare for DB2 for z/OS RC/Migrator for DB2 for z/OS

Issue/Introduction

The .AUTH command switches authorization IDs during processing. For example, if the .AUTH is set to the authorization ID having SYSADM authority and the migration strategy is submitted with an ID that does not have SYSADM authority, the objects will be created.

To limit the use of the .AUTH statement, a security exit must be used.

 

Environment

Release: R20
Component: RCM

Resolution

The .AUTH command can be used to switch to an ID authorized to perform a specific SQL statement. To control the users who can perform authorization ID switching, a security exit is provided.

A security exit is called for every Batch Processor command that provides access or authority to a resource.

EXIT01 is a supplied exit routine that can be edited and enhanced to control the users that can execute the .AUTH command. This routine is called when the .AUTH command is executed.

Specifics on the use of the EXIT01 security exit can be found in the Batch Processor Reference Guide.

Customize the Batch Processor

Additional Information

Implement Batch Processor Security Exits