Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see UNLOAD PLUS for DB2 13.1.

Setting UNLOAD PLUS authorizations

UNLOAD PLUS does not run as part of the Db2 subsystem. Therefore, users must have system authorizations and, for DIRECT YES, data set authorizations that are equivalent to the authorizations that Db2 requires. Use the following procedures to set the necessary authorizations.

Note

If you are using UNLOAD PLUS with ALTER for Db2 or 

BMC AMI Change Manager for Db2

, UNLOAD PLUS functions in DIRECT YES mode only.

To set Db2 authorizations

  1. For all unload jobs, set the following authorizations:
    • Sufficient Db2 authority to execute the UNLOAD PLUS plan and all packages that the UNLOAD PLUS plan uses
    • Authorization equivalent to the authorization that the IBM Db2 UNLOAD utility requires

    • When DIRECT NO is invoked, UNLOAD authority is not used, you must have the necessary SELECT authority

      Note

      UNLOAD PLUS enforces row- and column-level security only when DIRECT NO is in effect.

  2. To enable the use of the FORCE option to cancel Db2 threads that might prevent a successful drain during an unload job, grant the following authorizations:

    • DISPLAY privileges
    • One of the following authorities:
      • SYSADM
      • SYSOPR
      • SYSCTRL

    Note

    These authorizations might be implicit in the authority that the users have.

  3. To enable zIIP processing and SHRLEVEL CHANGE CONSISTENT YES, ensure that you have the appropriate authorizations for XBM or SUF.For information about security levels and authorizations for XBM, see theEXTENDED BUFFER MANAGER for DB2 documentation.

To enable data set access using the Db2 RACF ID

Specify OPNDB2ID=YES in your installation options.

This option tells UNLOAD PLUS to use the Db2 RACF ID for data set access.

To enable data set access when not using the Db2 RACF ID

When using DIRECT NO, UNLOAD PLUS uses Db2 to access data sets. In this case, users do not need the authorization described in this procedure.

  1. Specify OPNDB2ID=NO in your installation options.This option tells UNLOAD PLUS not to use the Db2 RACF ID for data set access.
  2. If using RACF or a similar system security package to protect underlying data sets and the Integrated Catalog Facility (ICF) catalog of a table or index space, grant READ privileges for the following sources:
    • Db2 VSAM data sets
    • Db2 image copy data sets
    • DSN1COPY data sets
    • Inline copy data sets
    • Instant Snapshot copy data sets
    • Online consistent copy data sets
    • Cabinet copy data sets
    • VSAM FlashCopy data sets
    • VSAM linear data sets
    • Encrypted copy data sets that are created by COPY PLUS
    • Key data sets for encrypted copies

Tip

For sites that use a system security package other than RACF, the following steps illustrate one method for granting these data set authorizations: 

  1. Associate users with a security group.
  2. Grant EXECUTE privileges on the UNLOAD PLUS product program (ADUUMAIN) to the security group.
  3. Grant the data set authorizations to ADUUMAIN.


Related topic

Required authorization

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*