Using the AuthId parameter
With this method, High-speed Apply Engine binds by using the authority of a specified user ID. High-speed Apply Engine uses this user ID only for bind processing.
This method has the following requirements:
- The user ID that runs High-speed Apply Engine (userid01) must have EXECUTE privilege for the High-speed Apply Engine plan and restart table package. This user ID does not require special privileges for bind actions.
- The user ID that you specify for bind processing (userid02) can be a primary or secondary authorization ID, and
- Must have SYSADM authority or SYSCTRL authority
- Must be a valid TSO logon ID; otherwise, your security software can issue warning messages or prevent required processing
- Cannot be a group ID
- The apply request must specify userid02 as the value of the AuthId configuration parameter (AuthID).
Authorization examples for using the AuthID parameter
The examples in this section show the authorizations that are normally granted during and after installation.
The authorizations that you grant depend on your own security policies. For definitions of the variables shown in these examples, see Db2-authorizations-for-plans-packages-and-collections.
The following example shows the authorizations that provide access to the High-speed Apply Engine plan and restart table package. These authorizations are normally granted during installation.
GRANT EXECUTE ON PACKAGE BMCAPT.APTREB2 TO userid01;
The following shows additional authorizations that are required to run High-speed Apply Engine. These authorizations are normally granted after installation.
tableNames TO userid01;
GRANT SYSADM TO userid02;
or
GRANT SYSCTRL TO userid02;