Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see CHECK PLUS for DB2 13.1.

System requirements

Before you install the product, make sure that your environment meets the hardware and software requirements.

Product compatibility matrix

Db2 support

This version of CHECK PLUS supports IBM Db2 Versions 8, 9, and 10.

System requirements

This version of CHECK PLUS requires z/OS 1.10 or later.

Software requirements

This version of CHECK PLUS has the following requirements for additional IBM or BMC software:

  • For all types of check jobs, CHECK PLUS requires a minimum of the versions of BMC common components:
    • Version 2.3.01 of BMCSORT
    • Version 10.1.00 of the DB2 Utilities Common Code (D2U)
    • Version 10.1.00 of the DB2 Solution Common Code (SCC)
  • To enable read/write access to your data during check processing, CHECK PLUS requires version 5.6.00 or later of the BMC EXTENDED BUFFER MANAGER (XBM) product or its SNAPSHOT UPGRADE FEATURE (SUF) technology. To enable Db2 Version 10 support, XBM and SUF also require PTF BPE0311.
  • To offload eligible processing to a zIIP, CHECK PLUS requires version 5.6.00 of either XBM or SUF with PTF BPE0313, or a later version.

If you use the XBMID option to specify a particular XBM subsystem, that subsystem must be at this maintenance level. If you do not specify an XBM subsystem but ZIIP ENABLED is in effect, CHECK PLUS searches for an XBM subsystem at this level.

To enable Db2 Version 10 support,XBM and SUF also require PTF BPE0311.

Required authorization

To use the CHECK PLUS product, you must have the appropriate authorization within Db2 and through your system security package, such as the Resource Access Control Facility (RACF). You need sufficient authorization to access resources and perform the tasks that are accomplished during CHECK PLUS processing.

The following table describes how CHECK PLUS verifies authorization based on the authorization verification mechanism that is available for your system:

Available authorization
verification mechanism

CHECK PLUS actions

Db2 security exit

CHECK PLUS uses the DSNX@XAC authorization exit to verify authorization for external access. The exit is available from the sources:

  • IBM provides a sample exit with Db2 for the IBM Resource Access Control Facility (RACF) component.
  • Computer Associates provides the DSNX@XAC exit with CA ACF2 Security for Db2 and CA Top Secret Security for Db2.

We recommend this mechanism for implementing external security. The access control authorization exit must be available in the STEPLIB, JOBLIB, linklist, or in the SYS3.DSN exit.

One of the security
products from Computer
Associates:

  • CA ACF2
  • CA Top Secret

CHECK PLUS uses either of these Computer Associates products with any version of Db2. CHECK PLUS detects the presence of the product in the subsystem where CHECK PLUS is running.

To use either of these products with CHECK PLUS, you must meet the following requirements:

  • You must be using a version of your security product that enables external security calls for Db2.
  • The value of the ACFORTSS installation option must be YES (the default).

Important

If you have one of these security products installed, but the version does not support external security, you must complete one of the following tasks:

  • Change the value of the ACFORTSS installation option to NO. CHECK PLUS then uses the standard Db2 method to check security.
  • Contact your security vendor for the required APAR to enable external security calls for Db2. Then, ensure that the value of the ACFORTSS installation option is YES.

None are available

CHECK PLUS uses the standard Db2 method to check security.

DB2 authorization

To run CHECK PLUS, you must have the following authorizations:

  • Sufficient Db2 authority to run the CHECK PLUS plan and all packages that the CHECK PLUS plan uses
  • Authorization equivalent to the authorization that the comparable IBM Db2 CHECK utility requires

Important

The CHECK TABLESPACE command requires only the authority to execute the CHECK PLUS plans and packages.

Data set authorization

CHECK PLUS does not use Db2 to access the data sets that it uses. Therefore, you must have system authorization that is equivalent to the authorization that is required by Db2. You can obtain this authorization in one of the following ways:

  • If you use RACF, specify OPNDB2ID=YES in your installation options module.
  • Establish authorization as described in Establishing authorization when OPNDB2ID=NO.

Using RACF and OPNDB2ID=YES

If you are using RACF and CHECK PLUS is installed with option OPNDB2ID=YES (which is the value that is shipped with CHECK PLUS), the user who is running CHECK PLUS is not required to have the authorizations that the section describes. OPNDB2ID=YES tells CHECK PLUS to use the Db2 RACF ID instead of the RACF ID of the user.

Establishing authorization when OPNDB2ID=NO

If RACF (or a similar system security package) protects both the underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, you must have the minimum levels of authority as shown in the following Table.

Table or index space definition

To access Db2 data sets

To access the ICF catalog

VCAT-defined

READ

READ

STOGROUP-defined

READ

READ

Using security packages other than RACF

The following procedure illustrates one method for granting data set authorizations when your site uses a system security package other than RACF:

  1. Associate users with a security group.
  2. Grant EXECUTE authority on the CHECK PLUS product program (ACKUMAIN) to the security group.
  3. Grant the data set authorizations that are described in Table 6 to the CHECK PLUS product program.

MEMLIMIT system parameter

CHECK PLUS requires above-the-bar memory and will abend if this memory is not available. The default value for the System Management Facility (SMF) MEMLIMIT parameter is 2 GB.

You can change the default MEMLIMIT parameter value in member SMFPRMxx in SYS1.PARMLIB by using one of the following methods:

  • Specify the MEMLIMIT parameter in the JCL.
  • Specify REGION=0M in the JCL.
  • Use the SMF IEFUSI exit.

If you cannot specify REGION=0M, we recommend that you specify NOLIMIT to allow unlimited above-the-bar memory. If you cannot specify NOLIMIT, specify at least 4 GB.

Related topics

Operational-considerations

Planning

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*