Space announcement This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Setting REORG PLUS authorizations

REORG PLUS does not run as part of the Db2 subsystem. Therefore, users must have system and data set authorizations that are equivalent to the authorizations that Db2 requires. Use the following procedures to set the necessary authorizations.

Related topic

System-requirements

To set Db2 authorizations

  1. For all reorganization jobs, grant the following authorizations:

    • Sufficient Db2 authority to execute the REORG PLUS plan and all packages that the REORG PLUS plan uses
    • Authorization equivalent to the authorization that the comparable IBM Db2 REORG utility requires

    Important

    REORG PLUS does not check for the DELETE privilege when the SELECT/DELETE option is used. REORG PLUS does not check for the UPDATE privilege when the UPDATE option is used.

  2. To enable running a SHRLEVEL CHANGE reorganization, also grant the following additional authorities:

    • TRACE authority
    • MONITOR2 authority
    • DISPLAY authority (if not already granted to PUBLIC)

    Important

    These privileges might be implicit in the authority that the users have.

  3. To enable reorganizing base table spaces that contain XML columns, also grant SELECT privileges on the following Db2 tables:

    • SYSIBM.SYSSEQUENCES
    • SYSIBM.SYSSEQUENCESDEP

    Important

    These privileges might be implicit in the authority that the users have.

  4. To enable reorganizing user-defined XML indexes, also grant SELECT privileges on the SYSIBM.SYSXMLRELS Db2 table.

    Important

    These privileges might be implicit in the authority that the users have.

  5. To enable using the DSRSEXIT user exit to update the Db2 catalog (in other words, the DSRSEXIT user exit has a default of YES for the BMC_ALTER_DB2_CATALOG variable), also complete the following steps:
    1. For the ALTER TABLESPACE statement, grant one of the following privileges if the user is not the owner of the table space:
      • DBADM authority for the database that contains the table
      • SYSADM or SYSCTRL authority
      • System DBADM
    2. For the ALTER INDEX or ALTER TABLE statement, grant one of the following privileges if the user is not the owner of the index:
      • Ownership of the table on which the index is defined
      • DBADM authority for the database that contains the table
      • SYSADM or SYSCTRL authority
      • System DBADM
  6. To enable using the MAPTEXIT user exit, also grant the authority to create and drop objects on the DSNDB04 database.

  7. To enable the use of the FORCE option to cancel DB2 threads that might prevent a successful drain during a reorganization job, also grant the following authorizations:

    • DISPLAY privileges
    • One of the following authorities:
      • SYSADM
      • SYSOPR
      • SYSCTRL

    Important

    These authorizations might be implicit in the authority that the users have.

  8. To enable use of the 

    SNAPSHOT UPGRADE FEATURE

     (

    SUF

    ) (also known as 

    XBM

    ), ensure that you have the appropriate authorizations for 

    XBM

     or 

    SUF

    .For information about security levels and authorizations for SUF (also known as XBM), see the SNAPSHOT UPGRADE FEATURE for DB2 documentation.

To enable data set access using the Db2 DBM1 user ID for RACF or ACF2

Specify OPNDB2ID=YES in your installation options.

This option tells the utility to use the Db2 DBM1 RACF or ACF2 user ID for data set access.


Important

Using OPNDB2ID=NO can improve performance, depending on the size of your data set profiles and the number of VSAM data sets that are involved in the reorganization.

To enable data set access when not using the Db2 RACF ID

  1. Specify OPNDB2ID=NO in your installation options.This option tells REORG PLUS not to use the Db2 RACF ID for data set access.
  2. If using RACF or a similar system security package to protect underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, grant a minimum of the following levels of authorization:
    • ALTER or CONTROL to access, update, and define Db2 data sets

    • UPDATE or CONTROL to access and update the ICF catalog

      Example

      The following steps illustrate one method for granting these data set authorizations when your site uses a system security package other than RACF:

      1. Associate users with a security group.
      2. Grant EXECUTE privileges on the REORG PLUS product program (ARUUMAIN) to the security group.
      3. Grant the data set authorizations to ARUUMAIN.
  3. To enable using rename or FASTSWITCH processing, if you establish authority at a node lower than the highest node, grant the same privileges as described in step 2 for the following data sets:
    • For STAGEDSN=BMC:
      • VCAT.BMCDBD.database.object.I0001
      • VCAT.BMCDBC.database.object.I0001
      • VCAT.OLDDBD.database.object.I0001
      • VCAT.OLDDBC.database.object.I0001
      • VCAT.BMCDBD.database.object.J0001
      • VCAT.BMCDBC.database.object.J0001
      • VCAT.OLDDBD.database.object.J0001
      • VCAT.OLDDBC.database.object.J0001
    • For STAGEDSN=DSN (the default when you use the FASTSWITCH process):
      • VCAT.BMCDBD.database.object.I0001
      • VCAT.BMCDBC.database.object.I0001
      • VCAT.BMCDBD.database.object.J0001
      • VCAT.BMCDBC.database.object.J0001
      • VCAT.DSNDBD.database.object.S0001
      • VCAT.DSNDBC.database.object.S0001

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*