×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
Installation System ... Planning Installation requirements for products Installation requirements for BMC AMI Data for Db2 products

DBC, NGL, and LGC authorization requirements

 

Authorizations are required for installing, configuring, and using the following common components with BMC products:
  • BMC Configuration Component for z/OS  ( LGC )
  • BMC Execution Component for z/OS  ( DBC )
  • Next Generation Logger  ( NGL )
Related topic

Installation requirements for products

Installation user ID

The user ID of the installer must have the following permissions and security settings:

  • ALTER authority for the following data sets:
    • BMC Installation System installation data sets
    • SMP/E global, target, and distribution data sets
    • Runtime data sets
    • User data sets
  • READ authority for the IBM Resource Access Control Facility (RACF) FACILITY class for the following resources:
    • BMC.DBC.*
    • BMC.DPR.*
    • BMC.LGC.* (if LGC is installed)
    • BMC.NGL.* (if NGL  is installed)
  • USS SUPERUSER access
  • CONSOLE command authorization

System symbolics

Infrastructure components make use of system symbolics to construct dynamically allocated data set names and to satisfy product requests.

The installation JCL for DBC , NGL , and LGC  also uses system symbolics.

To enable the use of system symbolics in JCL, be sure that SYSSYM=ALLOW is set in the JOBCLASS definition in the SYS1.PARMLIB member where job classes are defined.

DBC  started task user ID

The started task for the DBC  must have the following permissions and security. For more information about DBC , see Administering BMC Execution Component for z/OS (DBC) Open link .

  • DBC must meet the following UNIX requirements:
    • Write and execute access to the /tmp directory.
    • Update access to the FSACCESS (UNIX file system access check) resource class.
  • DBC  must be authorized to create an Extended MCS Console.
  • READ authority for the RACF FACILITY class for the following resources:
    • BMC.DBC.*
    • BMC.DPR.*
    • BMC.LGC.* (if LGC  is installed)
    • BMC.NGL.* (if NGL  is installed)
  • ALTER authority for the user data sets (that is, LOGSET files)
  • ALTER authority for data sets beginning with the HLQ value in the DBCOPTS member located in the DBCENV data set specified in the DBC$STC PROC. This HLQ will be used to allocate VSAM and NON-VSAM data sets.
  • READ and WRITE authority for the:
    • LGC product-specific registry data set (if LGC  is installed)
    • NGL product-specific registry data set (if NGL  is installed)
  • An OMVS segment defined in the IBM RACF (normal user) security product or an equivalent security product
  • When using Apptune  object data collection, READ authority for:
    • db2cat.DSNDBD.DSNDB06.SYSTSTAB.I0001.A001
    • db2cat.DSNDBD.DSNDB06.SYSTSIXS.I0001.A001
    • db2cat.DSNDBD.DSNDB06.SYSUSER.I0001.A001
  • When using BMC AMI Pool Advisor for Db2 , READ authority for these subsystems data sets:
    • db2cat.DSNDBD.DSNDB06.SYSTSDBA.I0001.A001
    • db2cat.DSNDBD.DSNDB06.SYSTSTAB.I0001.A001
    • db2cat.DSNDBD.DSNDB06.SYSTSTSP.I0001.A001
    • db2cat.DSNDBD.DSNDB06.SYSTSIXS.I0001.A001
  • READ authority for System Authorization Facility (SAF) class DSNR for:
    • db2ssid.BATCH
    • db2ssid.RRSAF

NGLARCH started task user ID

The started task for the NGL  must have the following permissions and security:

  • ALTER authority for the HLQ for the user data sets (that is, LOGSET files)
  • An OMVS segment defined in IBM RACF (normal user) or the equivalent in your security system

User ID

To use interface components of the products, the user ID must have:

  • READ authority for the runtime data sets
  • READ authority for the RACF FACILITY class for the following resources:
    • hlq.DBC.*
    • hlq.DPR.*
  • An OMVS segment defined in the RACF (normal user) security product or an equivalent security product
  • Execute access to the /tmp directory
  • Any User ID that issues operator commands to the DBC  must have READ authority for the RACF FACILITY class for the following resource: hlq.lpar.dbcgroup.prodCode.command.PFThe variables are defined as follows:
    • hlq is the high-level qualifier of the resource name. The HLQ node defaults to BMC, but you can customize the value by using the <HLQ> option in the  DBC  SAF startup options.
    • lpar is the MVS system name where DBC  executes.
    • dbcgroup is the name of the DBC . This name is specified in the execution parameters for the DBC  started task. This name is also the XCF group name for the DBC .
    • prodCode is the BMC product code of the product for which the resource is defined. This three-character code is specified in the INITPROD command used in product initialization.
    • command is the name of the command.

    Important

    If the resource rule for an operator command does not exist and the SAF security product returns RC=4, the operator command is allowed irrespective of the ALLOW_SAF_RC4 setting. Existing rules are then checked subject to the ALLOW_SAF_RC4 setting.

    If the resource rule for an operator command does exist, subsequent checks for existing rules are bypassed.

    You can use a wildcard for any of these nodes when you define a resource rule.


Was this page helpful? Yes No Submitting... Thank you
Last modified by Jyoti Birajdar on Mar 23, 2023
installation_requirements planning

Comments

Log in or register to comment.

Database Performance for DB2 requirements
DBC requirement in a Db2 data sharing environment
© Copyright 2014–2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.