Copying user ID privileges

This procedure describes how to copy privileges from a source user ID to one or more target user IDs. You can copy all privileges or only specific privileges.

Create a list of user IDs that contains the source user ID, the one from which you want to copy authorizations. For information, see Generating lists in Catalog Manager.
In the User Authorizations List panel, enter COPYAUTHS in the Cmd column beside the source user ID.
(Optional) If the target user IDs are included on the list of user IDs, enter the equal sign ( = ) in the Cmd column beside them.
Press Enter.
The Copy User Authorizations panel is displayed below:
                         Copy User Authorizations                  1 to 19 of 19
Command ===>                                                  Scroll ===> PAGE

Generate copyauth grant SQL. . . N       Y to generate SQL
Include implicit privileges. . . N       Y to include implicit privileges
Privilege type to include. . . .         UA/RA/DA/TA/PA/GA/FA/SA/blank=all

-------------------------------------------------------------------------------
Copy From. . . QCT

Swap with
Copy From      Copy To
N
N
N
N
N
N
N
N
N
N
Warning
Important
The Copy To field identifies the user IDs that were selected as the targets for the authorizations in Step 3. If you did not include target user IDs, then the Copy To field is blank.
In the Copy To field, type the target user IDs. You can specify up to 10 user IDs.
(Optional) To identify a different source user ID, complete the following steps:
1. In the Copy From field, type the new source user ID.
2. In the Copy To field, type the target user IDs.
3. In the Swap with Copy From field, type Y beside the user ID that you now want to use as the source:
  - If Y is indicated in the Swap with Copy From field for an object in the Copy To column, then that object becomes the source of the authorizations for all of the objects including the object in the Copy From field.
  - If Y is indicated in the Swap with Copy From field for more than one object in the Copy To column, then only the last object marked as such becomes the source object. All other objects, including others marked with a Y, are treated as target objects.
In the Include implicit privileges field, enter Y to grant implicit privileges from the source user ID to the target user IDs.
In the Privilege type to include field, enter the code of the object type for which you want to copy authorizations.
In the Generate copyauth grant SQL field, enter Y to generate SQL.
Press Enter.
The Confirm SQL panel is displayed below:
DNK -R                         Confirm SQL                        1 to 30 of 69
Command ===>                                                  Scroll ===> PAGE

Current SQLID. . . . . . . . MVSSXS2
Edit Options . . . . . . . . N         Y/N Modify SQL processing options
Edit SQL . . . . . . . . . . N         Y/N Edit SQL before executing
Save in SQL table. . . . . . N         A/Y/R/N A/Y-Append, R-Replace
  Name of saved data. . . . . 20220222_094815
Save in PDS. . . . . . . . . N         Y/N Save in PDS
  PDS(member) . . . . . . . . ACT.V13.DATABASE(TEST)

Execute SQL. . . . . . . . . N         Remote Db2 . NONE
Create batch job . . . . . . N         Y/N Create batch job
------------------------------------- SQL -----------------------------------
    GRANT USAGE
       ON DISTINCT TYPE
          QCT.QCT7DTVC, QCT.QCTDTEVC, QCT.QCTDTIN, QCT.QCTDTSM
       TO MVSSXS2 ;

    GRANT SELECT
       ON TABLE
          QCT.QCTM01_DE01S01T01
       TO MVSSXS2
     WITH GRANT OPTION ;

    GRANT DELETE, INSERT, SELECT, UPDATE
       ON TABLE
          QCT.QCTV01_DBAYS01T01, QCT.QCTV01_DBAYS02T01,
          QCT.QCTV01_DESTAS01, QCT.QCTV01_DESTAS02, QCT.QCTV01_DETHAS01,
          QCT.QCTV01_DETHAS02
       TO MVSSXS2
     WITH GRANT OPTION ;

    GRANT ALTER, DELETE, INDEX, INSERT, SELECT, UPDATE, REFERENCES,
          UNLOAD
       ON TABLE
          QCT.QCTT01_DE04S01L01P, QCT.QCTT01_DE04S03L11B,
          QCT.QCTT01_DE04S03L11C, QCT.QCTT0COLCLPHV66BPA_QM002426359,
          QCT.QCTT0COLCLPHV66BPB, QCT.QCTT0COLCLWOLQYZ9G,
          QCT.QCTT0COLCLWOLR5XIU, QCT.QCTT0COLCLWOLRIC0I,
          QCT.QCTT0COLCLWOLRVM7U, QCT.QCTT0COLCLWOLS32RQ,
          QCT.QCTT0COLCLWOLS9Y7B, QCT.QCTT0COLCLWOLSD4MF,
          QCT.QCTT0COLCLWOLSYIIG, QCT.QCTT0COLCLWOLT1A8G,
          QCT.QCTT0COLCLWOLTNLCV, QCT.QCTT0COLCLWOLTUVUC,
On the Confirm SQL panel, you can edit and save the SQL and then execute it:
1. (Optional) From the Command line, issue the SET sqlid command to change the value of the current SQLID.
  Warning
  Important
  The ID shown in the Current SQLID field must have the proper authority to perform the specified SQL GRANT statement. If you hold a primary- or secondary-authorization ID that has the proper authority, you can change the Current SQLID to that authorization ID and complete the CREATE. To change the Current SQLID, use the SET command.
2. (Optional) In the Edit options field, enter Y to modify the default values for the options on the Confirm SQL panel. Then, press Enter.
  The Options panel is displayed. In the Edit SQL and Confirm options field, type Y to display the options for the Confirm SQL panel. Press END to return to the Confirm SQL panel.
3. (Optional) In the Edit SQL field, enter Y to invoke an ISPF edit session to edit the SQL. Then, press Enter. Press END to save the SQL and return to the Confirm SQL panel.
4. (Optional) In the Save in SQL table field, enter A, Y, R, or N to specify whether to save the SQL in the Catalog Manager SQL_Table.
  To perform this action
  Type
  Append the SQL to the SQL in the SQL_Table
  A
  Save the SQL in the SQL_Table
  Y
  Replace the SQL in the SQL_Table
  R
  Discard the SQL
  N
5. (Optional) In the Name of saved SQL field, type a name for the SQL.
6. (Optional) In the Save in PDS field, type Y to save the SQL in a member of a partitioned data set (PDS). The saved SQL uses the ID displayed in the Current SQLID field as the object qualifier. If the SQL is not saved, the ID in the Current SQLID is used only to identify DB2 authority.
7. (Optional) In the PDS(member) field, enter the name of the PDS and member. To import the PDS member to another subsystem as an entry in the SQL_Table, see Importing the SQL in another subsystem.
8. (BMC.DB2.SPE2210) (Optional) In the Remote Db2 field, perform one of the following steps to execute the SQL displayed on a different Db2 subsystem:
  - Enter a Db2 subsystem ID
  - To select a Db2 subsystem from a list, enter ? and then press Enter
9. (Optional) To execute the statements, perform one of the following actions:
  - To execute the statements online, in the Execute SQL field, enter Y to execute the SQL displayed on the Confirm SQL panel. Then, press Enter.
    The SQL Progress Indicator panel is displayed. The panel automatically refreshes to display the status of the SQL that is being executed.
  - (BMC.DB2.SPE2601) To execute the statements in a batch job, in the Create batch job field, enter Y and press Enter.
    The Confirm Batch Job panel is displayed. Perform one or more of the following actions:
    In the JCL Dataset field, enter the name of the data set where you want to save the JCL for the job. The default value is from your options.
    To generate the JCL for the job, in the Build Job field, enter Y and press Enter.
    To edit the generated JCL, in the Edit Dataset field, enter Y and press Enter.
    To submit the job for execution, in the Submit field, enter Y and press Enter.

Copying user ID privileges

BMC AMI Catalog Manager for Db2 13.1

On this page

To perform this action	Type
Append the SQL to the SQL in the SQL_Table	A
Save the SQL in the SQL_Table	Y
Replace the SQL in the SQL_Table	R
Discard the SQL	N