Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see LOADPLUS for DB2 13.1.

Setting LOADPLUS authorizations

LOADPLUS does not run as part of the Db2 subsystem. Therefore, users must have system and data set authorizations that are equivalent to the authorizations that Db2 requires. Use the following procedures to set the necessary authorizations.

To set Db2 authorizations

  1. For all load jobs, grant the following authorizations:
    • Sufficient Db2 authority to execute the LOADPLUS plan and all packages that the LOADPLUS plan uses
    • Authorization equivalent to the authorization that the IBM Db2 LOAD utility requires

  2. To enable loading tables that contain identity columns, also complete the following authorization steps:

    Important

    These additional authorizations might be implicit in the authorization that the users have.

    1. Grant SELECT privileges on the following Db2 tables:
      • SYSIBM.SYSSEQUENCES
      • SYSIBM.SYSSEQUENCESDEP
    2. To enable the use of the UPDATEMAXA YES option to update the MAXASSIGNEDVAL column of the SYSIBM.SYSSEQUENCES table, complete the following steps:
      1. Determine which of the following authorization IDs should have ALTER privileges for the table that is being loaded:
        • User ID of the job owner
        • INSTALL SYSADM
      2. Ensure that the value for the UPDMAXA_AUTHID installation option reflects this determination.
      3. Grant ALTER privileges on the table that is being loaded for the appropriate authorization ID.

  3. To enable loading a table whose table space or index spaces are defined with DEFINE NO, also grant INSERT privileges on that table.

    Important

    INSERT privileges might be implicit in the authority that the users have.

  4. To enable the using FORCE option to cancel Db2 threads that might prevent a successful drain during a load job, also grant the following authorizations:

    • DISPLAY privileges
    • One of the following authorities:
      • SYSADM
      • SYSOPR
      • SYSCTRL

    Important

    These authorizations might be implicit in the authority that the users have.

  5. To enable zIIP processing and LOADPLUS features that use snapshot processing, ensure that you have the appropriate authorizations for XBM or SUF.For information about security levels and authorizations for XBM, see theEXTENDED BUFFER MANAGER for DB2 documentation.

  6. To enable running an SQLAPPLY load, also grant the following authorizations:

    Important

    When running an SQLAPPLY load, LOADPLUS passes processing during the COMBINED phase to the High-speed Apply Engine component of the BMC AMI Log Master for Db2 product. High-speed Apply Engine requires the following Db2 authorizations. The APTGRANT member of the High-speed Apply Engine HLQ.LLQSAMP installation data set (where HLQ is the high-level qualifier that is set during installation and LLQ is the low-level qualifier or prefix set during installation) contains sample authorization statements.

    You can use secondary authorization IDs to limit access as necessary for your site.

    • (Normally granted during High-speed Apply Engine installation) EXECUTE privileges:
      • EXECUTE privilege for the plan that High-speed Apply Engine uses to access its own restart table and the catalog
      • EXECUTE privilege for the High-speed Apply restart package

    • (Normally granted after High-speed Apply Engine installation) additional privileges:

      • INSERT privileges on the table that a user is loading
      • INSERT, UPDATE, SELECT, and DELETE privileges on the High-speed Apply Engine restart table
      • CREATE privileges for the collections that the High-speed Apply Engine creates
      • Bind privileges with the add option (BINDADD) for the plans and packages that High-speed Apply creates during apply processing

      The High-speed Apply Engine provides several ways to grant the CREATE and BINDADD privileges. Some techniques avoid granting bind privileges to the user ID that runs High-speed Apply. For more information, see the High-speed Apply Engine documentation documentation.

    Important

    The pre-bound plan option, described in the High-speed Apply Engine documentation, is not compatible with LOADPLUS.

To enable data set access using the Db2 RACF ID

Specify OPNDB2ID=YES in your installation options.

This option tells LOADPLUS to use the Db2 RACF ID for data set access.

To enable data to set access when not using the Db2 RACF ID

  1. Specify OPNDB2ID=NO in your installation options.

    This option tells LOADPLUS not to use the Db2 RACF ID for data set access.

  2. If using RACF or a similar system security package to protect underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, set a minimum of the levels of authorization shown in the following table for all load jobs.

    Minimum levels of authorization that LOADPLUS requires

    Table or index space definition

    To access, update, and define DB2 data sets

    To access and update the ICF catalog

    VCAT-defined

    CONTROL

    UPDATE

    STOGROUP-defined

    ALTER or CONTROL

    UPDATE or CONTROL

    Example

    The following steps illustrate one method for granting these data set authorizations when your site uses a system security package other than RACF:

    1. Associate users with a security group.
    2. Grant EXECUTE privileges on the LOADPLUS product program (AMUUMAIN) to the security group.
    3. Grant the data set authorizations to AMUUMAIN.
  3. To enable checking referential constraints during the load, also grant READ privileges on the primary index of the parent table for the table being loaded.
  4. To enable using rename or FASTSWITCH processing, if you establish authority at a node lower than the highest node, grant the same privileges as shown in the Minimum levels of authorization that LOADPLUS requires table for the following data sets:
    • When FASTSWITCH NO is in effect:
      • VCAT.BMCDBD.database.object.I0001
      • VCAT.BMCDBC.database.object.I0001
      • VCAT.OLDDBD.database.object.I0001
      • VCAT.OLDDBC.database.object.I0001
      • VCAT.BMCDBD.database.object.J0001
      • VCAT.BMCDBC.database.object.J0001
      • VCAT.OLDDBD.database.object.J0001
      • VCAT.OLDDBC.database.object.J0001
    • When FASTSWITCH YES is in effect:
      • VCAT.BMCDBD.database.object.I0001
      • VCAT.BMCDBC.database.object.I0001
      • VCAT.BMCDBD.database.object.J0001
      • VCAT.BMCDBC.database.object.J0001

Related topics

System-requirements

Preparing-to-use-LOADPLUS

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*