DBUTLTY table access is secured mostly through DTUTIL. A few individual DBUTLTY functions can secure table access using resource class defined for non-SQL, non-Server, and non-CICS. These are DBUTLTY functions which require READ or ADD access at the table level.
The following is a list of valid CA Datacom/DB DTUTIL resources. Replace cxxname with a valid Directory (CXX) name. A resource format that includes tables applies to a function or subfunction that involves a database or area and can affect more than one table. In most cases, you must identify to the external security product each table that you want to allow or deny access.
ALTERDSN ALTER DSN
ALTERDBC ALTER DBCS
ALTERDSO ALTER DSOP
ALTERKEY ALTER CBSUSE KEYNAME
ALTERLNG ALTER LANGUAGE
ALTERLNK ALTER LINK
ALTERLOG ALTER LOGGING
ALTEROP2 ALTER OPTION2
ALTERSIN ALTER SINGLE (Single User)
The following is a list of valid CA Datacom/DB DTUTIL resources. The format of the DTUTIL resource name for the function is:
cxxname.DBUTLTY.function.subfunction
For most DBUTLTY functions, although some have no sub-function, in which case the format is:
cxxname.DBUTLTY.function
For DBUTLTY functions that include table access, the format of the DTUTIL resource name for table-level checks is:
cxxname.DB0nnnn.table.right.
Valid DTUTIL Resources
|
DTUTIL |
DTUTIL |
DnTABLE |
Table |
Tables |
|---|---|---|---|---|
|
ACCESS |
OPER |
|
|
X |
|
ACCT.CATALOG |
OPER |
|
|
X |
|
ACCT.CLOSE |
|
|
|
|
|
ACCT.EDIT |
CATALOG |
|
|
X |
|
ACCT.OPEN |
|
|
|
|
|
ACCT.SPILL |
|
|
|
|
|
AUTO* |
|
|
|
|
|
BACKUP.CXX |
|
|
|
|
|
BACKUP.DATA |
BACKUP |
|
|
X |
|
COMM.ALTER |
|
|
|
|
|
COMM.CANCEL |
|
|
|
|
|
COMM.CLOSE |
|
|
|
|
|
COMM.CLRCBS |
|
|
|
|
|
COMM.CLRDST |
|
|
|
|
|
COMM.CLRPXX |
|
|
|
|
|
COMM.CLRML |
|
|
|
|
|
COMM.CLRSQL |
|
|
|
|
|
COMM.CONSOLE |
|
|
|
|
|
COMM.EOJ |
|
|
|
|
|
COMM.EOJFREE |
|
|
|
|
|
COMM.EOJKEEP |
|
|
|
|
|
COMM.NEWRXX |
|
|
|
|
|
COMM.REQABORT |
|
|
|
|
|
COMM.SNAP |
|
|
|
|
|
COMM.SNAPCSA |
|
|
|
|
|
COMM.SNAPSVC |
|
|
|
|
|
COMM.STATS |
|
|
|
|
|
COMM.STATUS |
|
|
|
|
|
CONFIRM |
|
|
|
|
|
CXXCLONE (if no DBID is specified, refer to the LOAD.CXX row, or if a DBID is specified, refer to the LOAD.CXXBASE row) |
|
|
|
|
|
CXXMAINT.ALTERDBC |
|
|
|
|
|
CXXMAINT.ALTERDSN |
CATALOG |
|
|
X |
|
CXXMAINT.ALTERDSO |
CATALOG |
|
|
X |
|
CXXMAINT.ALTERKEY |
CATALOG |
|
X |
|
|
CXXMAINT.ALTERLNG |
|
|
|
|
|
CXXMAINT.ALTERLNK |
CATALOG |
|
|
X |
|
CXXMAINT.ALTERLOG |
CATALOG |
|
X |
|
|
CXXMAINT.ALTEROP2 |
|
|
|
|
|
CXXMAINT.ALTERSIN |
|
|
|
|
|
CXXMAINT.CONVERT |
|
|
|
|
|
CXXMAINT.DDPROD |
CATALOG |
|
|
X |
|
CXXMAINT.DELETE |
CATALOG |
|
X |
|
|
CXXMAINT.PURGE |
|
|
|
|
|
DBTEST |
|
|
|
|
|
DEFRAG |
|
|
|
|
|
EXTBKUP.DATA |
|
|
|
|
|
EXTEND.DATA |
LOAD |
|
|
X |
|
EXTEND.IXX |
OPER |
|
|
X |
|
EXTRACT |
|
READ |
X |
|
|
ENCRYPT |
|
|
|
|
|
FLEXPOOL.ADD |
|
|
|
|
|
FLEXPOOL.DELETE |
|
|
|
|
|
INIT.CXX |
|
|
|
|
|
INIT.DATA |
LOAD |
|
|
X |
|
INIT.IXX |
OPER |
|
|
X |
|
INIT.LXX |
|
|
|
|
|
INIT.WXX |
|
|
|
|
|
LINK |
CATALOG |
|
|
X |
|
LOAD.CXX |
|
|
|
|
|
LOAD.CXXBASE |
CATALOG |
|
|
X |
|
LOAD.DATA |
LOAD |
|
|
X |
|
LOCK.MOVER |
OPER |
|
|
X |
|
MASSADD |
|
ADD |
X |
|
|
OLREORG |
|
|
|
|
|
RECOVERY.BACKWARD |
LOAD |
|
|
X |
|
RECOVERY.FORWARD |
LOAD |
|
|
X |
|
REMOVE |
CATALOG |
|
|
X |
|
REORG.DATA |
BACKUP LOAD |
|
|
X |
|
REPLACE.DATA |
LOAD |
|
X |
|
|
REPORT.CXX |
DISPLAY |
|
|
X |
|
REPORT.DEVICE |
|
|
|
|
|
REPORT.DDNAME |
|
|
|
|
|
REPORT.ENCRYPT |
|
|
|
|
|
REPORT.HISTORY |
DISPLAY |
|
|
X |
|
REPORT.IXX |
DISPLAY |
|
|
X |
|
REPORT.IXXDUMP |
|
READ |
|
X |
|
REPORT.LXX |
|
|
|
|
|
REPORT.PXX |
|
|
|
|
|
REPORT.REFGROUP |
|
READ |
X |
|
|
REPORT.RXX |
|
|
|
|
|
RESET.CXX |
OPER |
|
|
X |
|
RESET.LXX |
|
|
|
|
|
RETIX |
OPER |
|
|
X |
|
RXXFIX |
|
|
|
|
|
SECURITY.RESET |
|
|
|
|
|
SPILL |
|
|
|
|
|
SPILLREW |
|
|
|
|
|
SPLIT |
|
|
|
|
|
UNLOCK.MOVER |
OPER |
|
|
X |
|
VERINDEX |
|
|
|
|
* For more information about AUTO DBUTLTYs, see the following Valid DBUTLTY External Security Rights table.
Valid DBUTLTY External Security Rights
|
DTUTIL Function |
Access Level to |
Access Level to |
|---|---|---|
|
AUTOCOLL.AVGPERF |
|
READ and ADD |
|
AUTOCOLL.BASELINE |
|
READ and ADD |
|
AUTOCOLL.DELTACRE |
READ |
ADD |
|
AUTOCOLL.DELTADEL |
|
READ and DELETE |
|
AUTOCOLL.DELTARPT |
|
READ |
|
AUTOCOLL.DSVOUT |
|
READ |
|
AUTOCOLL.SNAPDEL |
|
READ and DELETE |
|
AUTOCOLL.SNAPRPT |
|
READ |
|
AUTOCOLL.SNAPSHOT |
READ |
ADD |
|
AUTOCOLL.SUMMARY |
|
READ and ADD |
|
AUTOINFOTOR
|
READ |
|
|
AUTOSTAT |
|
ADD |
Examples
DBMUF001.DBUTLTY.ACCT.CATALOG validates the right of a requestor to perform the subfunction CATALOG of the DBUTLTY function ACCT to catalog the Accounting Facility database in the system known as DBMUF001. This requires OPER access rights for all user-defined Accounting tables and the PRM table.
DBMUF001.DBUTLTY.INIT.CXX validates the right of a requestor to perform the DBUTLTY function INIT CXX in the system known as DBMUF001.
DBMUF001.DBUTLTY.MASSADD validates the right of a requestor to perform the DBUTLTY function MASSADD in the system known as DBMUF001. This requires the ADD access level for the table where the records are added.
|
Copyright © 2014 CA.
All rights reserved.
|
|