The DB2 OPTS record lets you define values for global options. Among these options are the level of protection given to each resource type for a specific DB2 subsystem, the ability to define a group SYSID, and whether or not to insert the OPTS record before you install CA ACF2 Option for DB2. The following table shows the OPTS record ID, its fields, and possible field values. If you change the values of one of these fields, you must restart the DB2 subsystem for the new values to become effective.
|
Record ID |
Fields |
|---|---|
|
OPTS |
ACTIVE|NOACTIVE |
Note: We recommend that you use caution when you specify QUIET or LOG as the mode value for any type of DB2 resource. Whenever a user requests access to a DB2 object, CA ACF2 Option for DB2 validates the same set of privileges that DB2 checks. For each privilege in the set, CA ACF2 Option for DB2 validates a rule to find one that grants access. Each time CA ACF2 Option for DB2 checks a rule and denies access, CA ACF2 Option for DB2 also checks the value of the mode field (xxxMODE) for that resource type. If the mode field is set to QUIET or LOG, CA ACF2 Option for DB2 allows access to the resource. This means that any mode field specifying QUIET or LOG can grant access when that type of resource is being validated. Because CA ACF2 Option for DB2 ultimately checks for the SYSADM authority (a system privilege) for almost all requests, the SYSMODE field is particularly important. By setting this to LOG or QUIET, you are allowing (and perhaps logging) all requests. See section entitled “Processing Security Information” in the “Comparing DB2 and CA ACF2 Option for DB2 Features” chapter, for more information about this processing.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|