×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Space announcement

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.
UNLOAD PLUS for DB2 11.2 Using

Setting UNLOAD PLUS authorizations

UNLOAD PLUS does not run as part of the Db2 subsystem. Therefore, users must have system authorizations and, for DIRECT YES, data set authorizations that are equivalent to the authorizations that Db2 requires. Use the following procedures to set the necessary authorizations.

Note

If you are using UNLOAD PLUS with ALTER for Db2 or BMC AMI Change Manager for Db2, UNLOAD PLUS functions in DIRECT YES mode only.

To set Db2 authorizations

  1. For all unload jobs, set the following authorizations:

    • Sufficient Db2 authority to execute the UNLOAD PLUS plan and all packages that the UNLOAD PLUS plan uses

    • Authorization equivalent to the authorization that the IBM Db2 UNLOAD utility requires

    • When DIRECT NO is invoked, UNLOAD authority is not used, you must have the necessary SELECT authority

      Note

      UNLOAD PLUS enforces row- and column-level security only when DIRECT NO is in effect.
  2. To enable the use of the FORCE option to cancel Db2 threads that might prevent a successful drain during an unload job, grant the following authorizations:

    • DISPLAY privileges

    • One of the following authorities:

      • SYSADM

      • SYSOPR

      • SYSCTRL

    Note

    These authorizations might be implicit in the authority that the users have.

  3. To enable zIIP processing and SHRLEVEL CHANGE CONSISTENT YES, ensure that you have the appropriate authorizations for XBM or SUF.

    For information about security levels and authorizations for XBM, see the EXTENDED BUFFER MANAGER for DB2 documentation Open link .

To enable data set access using the Db2 RACF ID

Specify OPNDB2ID=YES in your installation options.

This option tells UNLOAD PLUS to use the Db2 RACF ID for data set access.

To enable data set access when not using the Db2 RACF ID

When using DIRECT NO, UNLOAD PLUS uses Db2 to access data sets. In this case, users do not need the authorization described in this procedure.

  1. Specify OPNDB2ID=NO in your installation options.

    This option tells UNLOAD PLUS not to use the Db2 RACF ID for data set access.

  2. If using RACF or a similar system security package to protect underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, grant READ privileges for the following sources:

    • Db2 VSAM data sets

    • Db2 image copy data sets

    • DSN1COPY data sets

    • Inline copy data sets

    • Instant Snapshot copy data sets

    • Online consistent copy data sets

    • Cabinet copy data sets

    • VSAM FlashCopy data sets

    • VSAM linear data sets

    • Encrypted copy data sets that are created by COPY PLUS

    • Key data sets for encrypted copies

Tip

For sites that use a system security package other than RACF, the following steps illustrate one method for granting these data set authorizations: 

  1. Associate users with a security group.
  2. Grant EXECUTE privileges on the UNLOAD PLUS product program (ADUUMAIN) to the security group.
  3. Grant the data set authorizations to ADUUMAIN.


Related topic

Required authorization

Was this page helpful? Yes No Submitting... Thank you
Last modified by Anagha Evans on Mar 27, 2023
using task

Comments

Log in or register to comment.

Using
Overriding the MEMLIMIT system parameter
© Copyright 2013-2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.