BMC AMI Utilities authorizations

The BMC AMI Utilitiesproducts require certain user authorizations.

Db2 plan authorizations

The system administrator should grant EXECUTE authority on the BMC AMI Utilitiesproducts plan to those users that will be running a BMC AMI Utilitiesproduct. All Db2 utility authorizations are checked by BMC AMI Utilitiesat runtime. Secondary authorization IDs are supported.

BMC AMI Utilitiesproducts require the following minimum access privileges are present before allowing execution. SYSADM and SYSCTL levels have all of the minimum Db2 authority required in the table below.

Db2 user authorizations

Important

  • By specifying +RACFID(&DBM1ID) in the AMI utility configuration, AMI utilities will use the authority of the Db2 DBM1 address space to access the Db2 VSAM datasets just as with native Db2 utilities. This prevents the need to add permissions to AMI utility users.
  • Db2 utilities must update the Db2 Catalog. AMI utilities by default will use the Install SYSADM authority to make these updates. This does not give the utility submitter any Db2 Catalog authority. If it is the installations practice to remove authority from the Install SYSADM, the installation can specify an alternate authId for this access using AMI configuration parameter +SQLID.

Product

VSAM authority

Minimum Db2 authority

BMC AMI Copy

READ

IMAGCOPYAUTH

BMC AMI Load

ALTER

LOADAUTH

BMC AMI Reorg

ALTER

REORGAUTH

REORG INDEX

ALTER

REORGAUTH

BMC AMI Unload

READ

IMAGCOPYAUTH

UNLOAD SHRLEVEL CHANGE

READ

SELECTAUTH

BMC AMI Stats

UPDATE

Authorization not checked

REBUILD INDEX

ALTER

Authorization not checked

The VSAM authority must be held by the individual running the BMC AMI Utilitiesproducts or by the userIds specified in the global parameter +RACFID. For an explanation of +RACFID, see BMC AMI Utilities documentation.

APF authorization

The UserHLQ.UBMCLINK data set must be APF-authorized.

The UserHLQ.UBMCLINK data set is created during the installation process.

To update the APF list, on any MVS console issue the following command:

SETPROG APF,ADD,DSNAME=LIBRARY,VOLUME=<volume>

Required authorizations forBMC AMI Check

Using BMC AMI Checkrequires one of the following authorizations:

  • On the database, COPY authority
  • For the user, SYSADM authority or DBADM authority

Required authorizations forBMC AMI Reorg

BMC AMI Reorgrequires one of the following authorizations:

  • REORG authority on the database
  • SYSADM or DBADM authority

Required authorizations forBMC AMI LOBMaster

BMC AMI LOBMasterrequires one of the following authorizations:

  • REORG authority on the database
  • SYSADM or DBADM authority

Required authorizations forBMC AMI Stats

BMC AMI Statsrequires one of the following authorizations:

  • For the database, STATS authority
  • One of the following administrator authorities:
    • SYSADM
    • SYSOPR
    • DBADM
    • DBCTRL
    • DBMAINT

Required authorizations forBMC AMI Unload

Using BMC AMI Unloadrequires one of the following authorizations:

  • One of the following for the database:
    • SYSADM
    • DBADM
    • COPY
  • One of the following for the tables:
    • Ownership
    • SELECT
    • SYSCTRL (catalog tables only)

Related topics

User-authorizationsGlobal parameters (UTLPARMS)+RACFID+SQLID

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*