Required authorizations

To use BMC AMI Copy, you need authorization within Db2 and through your system security package.

These authorizations must be sufficient to access resources and perform the tasks required during BMC AMI Copy processing. The authorizations required for using the COPY, COPY IMAGECOPY, OPTIONS, QUIESCE, RECALL, MODIFY, and TEMPLATE commands are the same. Additional authorizations are required for the RUNSTATS option.

Important

If the MODIFY VERIFY command with the options ON DSNOTFOUND DELETE is used, you must have MVS control authority on the image copy data set.

To use the Snapshot Copy feature or XBM Utility Monitor, you must have the appropriate authorizations. For more detailed information, see the SNAPSHOT UPGRADE FEATURE for DB2 documentation.

To use the COMPRESS option, you must have the appropriate authorizations to use PACLOG for DB2. See the PACLOG for DB2 documentation for details on the PACLOG authorizations needed.

Authorization verification mechanisms

If the Db2 DSNX@XAC authorization exit is available for your system, BMC AMI Copy uses this exit to verify authorization for external access.

The exit is available from the following sources:

  • IBM provides a sample exit with Db2 for the IBM Resource Access Control Facility (RACF) component.

  • CA Technologies provides the DSNX@XAC exit with CA-ACF2 Security for Db2 and CA-Top Secret Security for Db2.

We recommend this mechanism for implementing external security. The access control authorization exit must be available in the STEPLIB, JOBLIB, linklist, or in the SYS3.DSN exit.

If the DSNX@XAC exit is not available, BMC AMI Copy uses the standard Db2 method to check security. 

Db2 authority

To run BMC AMI Copy, you must have EXECUTE authority on the BMC AMI Copy plan, and the plan owner must have EXECUTE authority to collection-id.* for the collections referenced by the plan.

For BMC AMI Copy to be able to process database objects, your primary or secondary authorization IDs must have one of the following authorities or privileges:

  • Installation SYSADM, SYSADM, or SYSCTRL authority

  • System DBADM, DBADM, DBCTRL, or DBMAINT authority for the database containing the named space

  • IMAGCOPY, DISPLAYDB, STARTDB, and STOPDB privileges for the database containing the named space

  • DISPLAY (system wide) and IMAGCOPY, STARTDB, and STOPDB privileges for the database that contains the named space

Important

To copy the directory (DSNDB01), you must have installation SYSADM, SYSADM, or SYSCTRL authority. If you make SHRLEVEL CONCURRENT copies and set the installation option READONLY to LOCKTBL, you must also have SELECT authority for the tables you are copying or be the owner of those tables. To use the COPY RUNSTATS option, you must have the STATS privilege on the database.
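The following added example (not part of the BMC documentation) grants the narrowest privilege set listed above instead of DBADM or SYSADM, then queries the Db2 catalog to review who can copy a database. The names COPYOPR, PAYDB, and COPYPLAN are constructed placeholders; substitute your own authorization ID, database, and the plan name chosen at installation.

```sql
-- Added example with placeholder names (assumptions, not from this page):
--   COPYOPR  = authorization ID that runs the copy jobs
--   PAYDB    = database containing the spaces to be copied
--   COPYPLAN = placeholder for the installed BMC AMI Copy plan name

-- Allow the ID to execute the product plan.
GRANT EXECUTE ON PLAN COPYPLAN TO COPYOPR;

-- Database-level privileges from the third list item above,
-- scoped to one database rather than granting DBADM or SYSADM.
GRANT IMAGCOPY, DISPLAYDB, STARTDB, STOPDB
    ON DATABASE PAYDB TO COPYOPR;

-- Needed only when jobs use the COPY RUNSTATS option.
GRANT STATS ON DATABASE PAYDB TO COPYOPR;

-- Review: every grantee that can take image copies of PAYDB, either
-- through IMAGCOPY or through an administrative authority that includes it.
-- A blank column means the privilege is not held; 'G' means it is held
-- with the GRANT option.
SELECT GRANTEE, GRANTOR, NAME AS DBNAME,
       IMAGCOPYAUTH, DISPLAYDBAUTH, STARTDBAUTH, STOPDBAUTH, STATSAUTH,
       DBADMAUTH, DBCTRLAUTH, DBMAINTAUTH
  FROM SYSIBM.SYSDBAUTH
 WHERE NAME = 'PAYDB'
   AND (IMAGCOPYAUTH <> ' ' OR DBADMAUTH  <> ' '
        OR DBCTRLAUTH <> ' ' OR DBMAINTAUTH <> ' ')
 ORDER BY GRANTEE;

-- Review: who can execute the plan.
SELECT GRANTEE, GRANTOR, NAME AS PLANNAME, EXECUTEAUTH
  FROM SYSIBM.SYSPLANAUTH
 WHERE NAME = 'COPYPLAN'
   AND EXECUTEAUTH <> ' '
 ORDER BY GRANTEE;
```

When the DSNX@XAC exit is active, the external security product makes the access decision, so review its profiles as well as these catalog rows.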

System authority

Because BMC AMI Copy does not run as part of the Db2 subsystem, you must have authorization equivalent to that required by Db2 to use BMC AMI Copy.

When the BMC AMI Copy installation option OPNDB2ID is set to NO, and when the underlying data set of a table space is protected by the IBM Resource Access Control Facility (RACF) component of the z/OS Security Server or a similar security system, you must have sufficient authority to access and modify the data set. For index spaces, you must have read access to the index data set(s).

When the BMC AMI Copy installation option OPNDB2ID is set to YES, the DB2 RACF ID is used to allow Db2 data sets to be opened. For security systems other than RACF, the installation option OPNDB2ID must be set to NO.

If your Db2 is specified in the RACF started procedures table (ICHRIN03) as a privileged or trusted task and no user ID is associated with the Db2 address space, you cannot use OPNDB2ID to allow BMC AMI Copy to access the Db2 data sets. In this case, the user running BMC AMI Copy must have RACF authority to access the data sets needed for copying.

If you are using SHRLEVEL CHANGE with data sharing, the BMC AMI Copy and COPY IMAGECOPY commands read the BSDS, so you need READ authorization for the BSDS to run them. BMC AMI Copy reads the group buffer pool checkpoint records from the BSDSs for the group if it detects that the space being copied is group buffer pool dependent.

APF authority

BMC AMI Copy uses MVS system services that require APF authorization. Accordingly, BMC AMI Copy must reside in an APF-authorized library.

All load modules loaded by BMC AMI Copy must be authorized and must reside in APF-authorized libraries.

