Skip to Content

Managing user access

After a successful installation, you must grant access to BMC Workbench through the System Authorization Facility (SAF). Most Workbench features are accessible after user access is granted. Everyone who has access to Workbench can use the Workspace Manager and the DB2 Navigator perspective.

To setup the Workbench repository, you must assign Workbench superuser authorization to at least one user.

Before you begin

You must have SAF authorization that enables you to create and assign the required resources.

Warning

Note

If you use CA-ACF2, define the resource as TYPE(XFC) when the documentation refers to the RACF XFACILIT class.

To assign user access

Use the following procedure to give access to Workbench. You must grant access for each UIM installation.

  1. Create the following SAF resource as an XFACILIT class:
    BMCGUD.WBAC.system.port.**

    Warning

    Note

    Replace the variables system and port with the system name and the port number of the UIM server.

  2. Assign ALTER authority to the resource for the user who needs to access Workbench.

To revoke user access

 You can revoke a user's access to one or more Workbench features.

Warning

Note

You need to create these resources only if you want to revoke access to a perspective or a functionality for one or more users. By default, all perspectives are available to users to whom you have granted access. You cannot revoke access to the Workspace manager or the DB2 Navigator perspective.

For each UIM installation, create a resource as described in the following tables, with the class set to XFACILIT and the access removed.

Warning

Note

Replace the variables system and port with the system name and the port number of the UIM server.

For this perspective

Create this SAF resource

File Locator

BMCGUD.WBAC.system.port.FILE_LOCATOR

Job Browser

BMCGUD.WBAC.system.port.JOB_BROWSER

SQL Tuning

BMCGUD.WBAC.system.port.SQL_TUNING

Scratchpad

BMCGUD.WBAC.system.port.SCRATCHPAD

Schema Management

BMCGUD.WBAC.system.port.SCHEMA_MANAGEMENT

Recovery Management

BMCGUD.WBAC.system.port.RECOVERY_MANAGEMENT

Product Tools

BMCGUD.WBAC.system.port.PRODUCT_TOOLS

Within the Product Tools perspective, you can revoke or assign authorization for specific features:

Product Tools feature

Create this SAF resource

Object set management feature

BMCGUD.WBAC.system.port.PRODUCT_TOOLS.OBJ_SET_MGR

NGT Utility Management feature

BMCGUD.WBAC.system.port.PRODUCT_TOOLS.NGT_UTIL_MGR

SmartSwitch feature

BMCGUD.WBAC.system.port.PRODUCT_TOOLS.SMART_SWITCH             

With the Apps view, you can revoke or assign authorization for specific applications:

Application

Create this SAF resource

SQL Errors

BMCGUD.WBAC.system.port.SQL_ERRORS

SQL Analysis

BMCGUD.WBAC.system.port. SQL_ANALYSIS

To assign superuser authorization

You must assign superuser authorization to at least one Workbench user. A superuser authorization is required to set up the Workbench repository.

With superuser authorization, a user can:

  • setup the BMC Workbench repository
  • edit and delete connections owned by any user 
  • edit and delete templates owned by any user
  • create, edit, and delete public connections.

Superuser authorization is specific to each UIM. If your site stores public connections and templates on several sysplexes according to business function, you can provide superuser authorization to specific users based on their areas of responsibility.


Warning

Note

If you previously used (ACT.WBSU.host.port) to define a superuser, you do not need to change it.

  1. For each UIM installation, create the following SAF resource as an XFACILIT class:BMCGUD.WBSU.system.port

    Warning

    Note

    Replace the variables system and port with the system name and port number on the UIM server.

  2. Assign ALTER authority to the superuser resource for the user requiring superuser authorization on the specified UIM.



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Workbench for DB2 12.1