Space banner

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Full-screen mode security

For full-screen mode security, a common BBSEC member is created for all LPARs where MainView for DB2 is running.

The BBSEC member contains the following TYPE statements:

TYPE=BBI,SSID=M2*,PREFIX= FSDB2,CLASS = MainView  
TYPE = DB2,SSID = M2*

At this site, the naming convention for BBI-SS PAS subsystem IDs is M2&SYSCLONE. They have chosen a resource name prefix of FSDB2 and a security class name of MainView.

Note

The security class called MainView must be defined to CA ACF2.

To protect MainView for DB2 full-screen mode resources, the site uses CA ACF2 rules as shown in Following figure.

 Sample CA ACF2 rules for MainView for DB2, full-screen mode

*********************************************************************** 
* MainView RULES FOR FULL-SCREEN MODE FOR MainView FOR DB2              
* FORMAT........FSDB2.M2D0.BBI.DB2Z.ACCESS                              
*                                                                       
* FORMAT....FSDB2.M2-.BBI.DB-.PMACC#  (MODIFY ANALYZER/MONITOR)         
*           FSDB2.M2-.BBI.DB-.BBICMD  (MainView COMMAND)                
*           FSDB2.M2-.BBI.DB-.BBIJRNL (MainView JOURNAL)                
*           FSDB2.M2-.BBI.DB-.DB2CMD  (DB2 COMMAND)                     
*           FSDB2.M2-.DMR.DB-.DB2SQL- (DISPLAY SQL TEXT IN TRACE) 
*********************************************************************** 
$KEY(FSDB2) TYPE(MVW)                                                   
*********************************************************************** 
* appl1    = APPLICATION 1                                              
* appl2    = APLLICATION 2                                              
* devdba   = DEV DBA                                                    
* operator = OPERATIONS STAFF                                           
* prodexpl = PROD/EXPLOITATION STAFF 
*********************************************************************** 
* TECHNICAL SERVICES ALL ACCESS                                         
*********************************************************************** 
-   UID(sysprog)         ALLOW                                          
-   UID(techdba)         ALLOW                                          
-   UID(-) PREVENT                                                      
*********************************************************************** 
* OPERATIONS STAFF ACCESS ALL DB2                                       
*********************************************************************** 
M2-.BBI.-.ACCESS         UID(operator) ALLOW                            
M2-.BBI.-.PMACCA         UID(operator) ALLOW                            
M2-.DMR.-.DB2SQL-        UID(operator) ALLOW 
*********************************************************************** 
* PRODUCTION STAFF ACCESS ALL DB2 BUT TEST                              
*********************************************************************** 
M2D*.BBI.-.ACCESS        UID(prodexpl) PREVENT                          
M2-.BBI.-.ACCESS         UID(prodexpl) ALLOW                            
M2-.BBI.-.PMACCA         UID(prodexpl) ALLOW                            
M2-.DMR.-.DB2SQL-        UID(prodexpl) ALLOW 
*********************************************************************** 
* DEV DBA 1ER LEVEL - ACCESS BY ENVIRONNEMENT                           
*********************************************************************** 
M2A1.BBI.-.ACCESS        UID(devdba) ALLOW                              
M2C1.BBI.-.ACCESS        UID(devdba) ALLOW                              
M2E1.BBI.DB2C.ACCESS     UID(devdba) ALLOW                              
M2E1.BBI.DB2M.ACCESS     UID(devdba) ALLOW                              
M2H1.BBI.-.ACCESS        UID(devdba) ALLOW                              
M2J1.BBI.-.ACCESS        UID(devdba) ALLOW                              
M2T1.BBI.DB1S.ACCESS     UID(devdba) ALLOW                              
*********************************************************************** 
* DEV DBA 2ND LEVEL - SPECIFIC ACTION PERMITTED                         
*********************************************************************** 
M2-.BBI.-.PMACCA         UID(devdba) ALLOW                              
M2-.DMR.-.DB2SQL-        UID(devdba) ALLOW                              

*********************************************************************** 
* DEV DBA 3RD LEVEL - TRACES                                            
*********************************************************************** 
M2C1.BBI.-.TRACE.-       UID(devdba) LOG                                
M2C1.BBI.-.TRALLOC-      UID(devdba) LOG                                
M2E1.BBI.DB2C.TRACE.-    UID(devdba) LOG                                
M2E1.BBI.DB2C.TRALLOC-   UID(devdba) LOG                                

*********************************************************************** 
* APPLICATIONS STAFF FOR APPLICATION 1; 1ST, 2ND AND 3RD LEVEL AS ABOVE 
*********************************************************************** 
M2P1.BBI.-.ACCESS        UID(********appl1) ALLOW                       
M2P1.BBI.-.PMACCA        UID(********appl1) ALLOW                       
M2P1.DMR.-.DB2SQL-       UID(********appl1) ALLOW                       
M2P1.BBI.-.TRACE.-       UID(********appl1) LOG                         
M2P1.BBI.-.TRALLOC-      UID(********appl1) LOG                         
*********************************************************************** 
* APPLICATIONS STAFF FOR APPLICATION 2; 1ST, 2ND AND 3RD LEVEL AS ABOVE 
*********************************************************************** 
M2T1.BBI.DB2V.ACCESS     UID(********appl2) ALLOW                       
M2E1.BBI.DB2W.ACCESS     UID(********appl2) ALLOW                       
M2-.BBI.-.PMACCA         UID(********appl2) ALLOW                       
M2-.DMR.-.DB2SQL-        UID(********appl2) ALLOW                       
M2E1.BBI.DB2W.TRACE.-    UID(********appl2) LOG                         
M2E1.BBI.DB2W.TRALLOC-   UID(********appl2) LOG


Was this page helpful? Yes No Submitting... Thank you

Comments