Space announcement

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Setting UNLOAD PLUS authorizations

UNLOAD PLUS does not run as part of the DB2 subsystem. Therefore, users must have system authorizations and, for DIRECT YES, data set authorizations that are equivalent to the authorizations that DB2 requires. Use the following procedures to set the necessary authorizations.

Note

If you are using UNLOAD PLUS with ALTER for DB2 or CHANGE MANAGER for DB2, UNLOAD PLUS functions in DIRECT YES mode only.

To set DB2 authorizations

  1. For all load jobs, set the following authorizations:
    • Sufficient DB2 authority to execute the UNLOAD PLUS plan and all packages that the UNLOAD PLUS plan uses

    • Authorization equivalent to the authorization that the IBM DB2 UNLOAD utility requires

      Note

      UNLOAD PLUS enforces row- and column-level security only when DIRECT NO is in effect.
  2. To enable the use of the FORCE option to cancel DB2 threads that might prevent a successful drain during an unload job, grant the following authorizations:
    • DISPLAY privileges

    • One of the following authorities:

      • SYSADM

      • SYSOPR

      • SYSCTRL

    Note

    These authorizations might be implicit in the authority that the users have.

  3. To enable zIIP processing and SHRLEVEL CHANGE CONSISTENT YES, ensure that you have the appropriate authorizations for XBM or SUF.

    For information about security levels and authorizations for XBM, see the EXTENDED BUFFER MANAGER for DB2 documentation .

To enable data set access using the DB2 RACF ID

Specify OPNDB2ID=YES in your installation options.

This option tells UNLOAD PLUS to use the DB2 RACF ID for data set access.

To enable data set access when not using the DB2 RACF ID

When using DIRECT NO, UNLOAD PLUS uses DB2 to access data sets. In this case, users do not need the authorization described in this procedure.

  1. Specify OPNDB2ID=NO in your installation options.

    This option tells UNLOAD PLUS not to use the DB2 RACF ID for data set access.

  2. If using RACF or a similar system security package to protect underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, grant READ privileges for the following sources:
    • DB2 VSAM data sets

    • DB2 image copy data sets

    • DSN1COPY data sets

    • Inline copy data sets

    • Instant Snapshot copy data sets

    • Online consistent copy data sets

    • Cabinet copy data sets

    • VSAM FlashCopy data sets

    • VSAM linear data sets

    • Encrypted copy data sets that are created by COPY PLUS

    • Key data sets for encrypted copies

    The following steps illustrate one method for granting these data set authorizations when your site uses a system security package other than RACF:

    1. Associate users with a security group.

    2. Grant EXECUTE privileges on the UNLOAD PLUS product program (ADUUMAIN) to the security group.

    3. Grant the data set authorizations to ADUUMAIN.

Related topic
Was this page helpful? Yes No Submitting... Thank you

Comments