Load - Db2 privileges

During the interactive portion of the load process, you specify the Db2 objects that are involved in the load process. File-AID/RDX generates the JCL regardless of the user’s Db2 privileges. This enables a user with limited Db2 privileges to generate the load JCL, while a user with more Db2 privileges, such as a DBA, can submit the load JCL.

If you are unauthorized to use Db2 utilities, Compuware suggests using SQL Insert processing.

When generating the JCL, File-AID/RDX inserts comments regarding Db2 privileges at the beginning of the JCL. These comments indicate that the current SQLID either has authorization for all load steps, or lacks specific Db2 authority (see the example in the following figure).

Example of SQLID Authorization Error Comments in Load JCL

//*SQLID TSOID01 IS UNAUTHORIZED TO:
//*     CREATE TABLE FR.PART_TABLE_1
//*     ALTER DEPENDENTS OF TABLE FR.PART_TABLE_1
//*     DELETE ROWS FROM TABLE FR.PART_TABLE_1
//*     LOAD TO TABLE FR.PART_TABLE_1
//*     RUN CHECK DATA ON TABLESPACE FRD23H.PARTRTAB
//*     RUN CHECK DATA ON DEPENDENTS OF FR.PART_TABLE_1
//*     ALTER TABLE FR.PART_TABLE_1

The execution phase of the load function, which actually executes the File-AID/RDX load JCL, requires the user to have all relevant Db2 privileges. See The Load Process for more details regarding each step in the JCL.

Privileges Required for Load Steps

The privileges required for load steps varies depending on whether you use the Db2 LOAD utility or SQL INSERT statements.

Privileges Required to Use the Db2 LOAD Utility

When you use the Db2 LOAD utility, the user who submits the batch JCL or the authorization ID of the owner of the File-AID/RDX plan must have one of the privileges listed for each of the following steps.

CREATE step

If creating new tables, one of the following privileges is required:

  • SYSADM or SYSCTRL.
  • DBADM, DBCTRL, DBMAINT for the database where the tables are to be created.
  • CREATETAB privilege for the database where tables are to be created.
  • USE OF an existing tablespace where tables are to be created.
  • CREATETS privilege for the database where tables are to be created when implicitly creating a tablespace. This indicates authority to use the database default STOGROUP and buffer pool.

LDDRV step

There are no Db2 privileges required for this step.

DELTE step

This step executes DELETE and ALTER statements. To execute this step one of the following privileges is required:

  • SYSADM.
  • DBADM for the database where tables to be loaded exist.
  • ALTER and DELETE privileges for the table to be deleted.
  • If a table has dependents, ALTER privilege on the table to be deleted and on the dependents of the table to be deleted.
  • Ownership of the table and of dependent tables.

LOAD step

To execute the Db2 LOAD utility requires one of the following privileges:

  • SYSCTRL or SYSADM.
  • DBADM, DBCTRL or LOAD privilege for the database where tables are to be loaded.
  • Ownership of the table.

RPAIR step

To execute the Db2 REPAIR utility requires one of the following privileges:

  • SYSCTRL or SYSADM.
  • DBADM or DBCTRL privilege for the database.
  • REPAIR privilege for the database.

CHCKDATA step

To execute the Db2 CHECK utility requires one of the following privileges:

  • SYSCTRL, SYSADM, or SYSOPR.
  • DBADM, DBCTRL, DBMAINT, or STATS privilege for the database where tablespaces to be checked exist.

IMAGECPY step

To execute the Db2 COPY utility requires one of the following privileges:

  • SYSCTRL or SYSADM.
  • DBADM, DBCTRL, or DBMAINT privilege for the database.
  • IMAGECPY privilege for the database.

Privileges Required to Use SQL INSERT Statements

When you use SQL INSERT statements, the user who submits the batch JCL or the authorization ID of the owner of the File-AID/RDX plan must have one of the privileges listed for each of the following steps.

CREATE step

If creating new tables, one of the following privileges is required:

  • SYSADM or SYSCTRL.
  • DBADM, DBCTRL, DBMAINT for the database where the tables are to be created.
  • CREATETAB privilege for the database where tables are to be created.
  • USE OF an existing tablespace where tables are to be created.
  • CREATETS privilege for the database where tables are to be created when implicitly creating a tablespace. This indicates authority to use the database default STOGROUP and buffer pool.

LDDRV step

There are no Db2 privileges required for this step.

DELETE step

To execute this step for a table requires one of the following privileges:

  • DELETE privilege on the table to be deleted.
  • Ownership of the table to be deleted.
  • DBADM authority on the database containing the table to be deleted.
  • SYSADM authority.

To execute this step for a view requires one of the following privileges:

  • DELETE privilege on the view to be deleted.
  • SYSADM authority.

LDSQLIN step

To execute SQL INSERT statements for a table requires one of the following privileges:

  • INSERT privilege on the table to be inserted.
  • Ownership of the table to be inserted.
  • DBADM authority on the database containing the table to be inserted.
  • SYSADM authority.

To execute SQL UPDATE statements for a table requires one of the following privileges:

  • UPDATE privilege on the table to be updated.
  • Ownership of the table to be updated.
  • DBADM authority on the database containing the table to be updated.
  • SYSADM authority.

To execute SQL INSERT statements for a view requires one of the following privileges:

  • INSERT privilege on the view to be inserted.
  • SYSADM authority.

To execute SQL UPDATE statements for a view requires one of the following privileges:

  • UPDATE privilege on the view to be updated.
  • SYSADM authority.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*