In native DB2 security, any privilege granted on database DSNDB06 is implicitly granted on database DSNDB01. No explicit privileges can be granted on database DSNDB01.
In contrast, in CA ACF2 Option for DB2, databases DSNDB01 and DSNDB06 are treated like all other databases and each has its own DB2DBASE resource authorization. This means that grant statements are generated for both DSNDB01 and DSNDB06 databases. However, since native DB2 does not accept grants for DSNDB01, these grants fail with a ‑204 SQLCODE. The Catalog Synchronization Utility issues a warning message for this failure and continue processing. To avoid this situation, you can suppress generation of grant statements for DSNDB01 by specifying an EXCLUDE DBS(DSNDB01) control statement for the CADB2SY2 job.
If you need to compare access authorizations for DSNDB01 and DSNDB06, we recommend that you run a separate synchronization that includes these two databases and all users. You can then analyze the CADB2SY2 reports or the generated GRANT statements to compare the accesses defined for the DSNDB01 and DSNDB06 databases.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|