Previous Topic: DB2PROCNext Topic: DB2SCHMA

Protecting ResourcesDB2ROLE

DB2ROLE

Description

Identifies DB2 roles.

TSS Commands

The following TSS commands can be used with the DB2ROLE keyword: CREATE, DELETE, ADDTO, REMOVE PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, WHOHAS

TSS ADDTO/REMOVE

Syntax

TSS ADD(acid) DB2ROLE(role,…)

Prefix length

2-26 characters

Capacity of list

1-5 DB2 roles per TSS command.

Authority

Administrators must have DB2ROLE(OWN) authority.

Masking

The DB2ROLE resource class supports all masking characters.

Types

The DB2ROLE keyword is used with the following ACID types: User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, MSCA.

TSS PERMIT/REVOKE

Syntax

TSS PER(acid) DB2ROLE(role,…)

Prefix length

2-26 characters

Role name

1-128 characters

Capacity of list

1-5 roles per TSS command.

Accesses

The administrator can specify any or all of the following accesses: ALL, NONE. The default access is ALL

Access Controls

The administrator can use any of the following methods to control access to roles: Expiration, Facility, Time/Day, Actions.

Types

The DB2ROLE keyword is used with the following ACID types: User, Profile, DCA, VCA, ZCA, LSCA, SCA, MSCA.

TSS ADMIN/DEADMIN

Syntax

TSS ADMIN(acid) DB2ROLE(authority level(s))

Authority Levels

Administrators can specify any or all of the following authority levels: OWN, XAUTH, AUDIT, INFO, REPORT, ALL.

Types

The DB2ROLE keyword is used with the following ACID types: User, DCA, VCA, LSCA, ZCA, SCA, MSCA.

TSS ADDTO/REMOVE

To give the Finance Department (FINDEPT) administrative ownership of the role PAYCLERK, the administrator enters:

TSS ADD(FINDEPT) DB2ROLE(PAYCLERK)

Ownership of the role PAYCLERK is removed by entering: TSS REMOVE(FINDEPT) DB2ROLE(PAYCLERK)

TSS PERMIT/REVOKE

The administrator wants to give USRMARK DB2 ownership of the role PAYCLERK:

TSS PERMIT(USRMARK) DB2ROLE(PAYCLERK) ACCESS(ALL)

To revoke USRMARK's authority the administrator enters:

TSS REVOKE(USRMARK) DB2ROLE(PAYCLERK) ACCESS(ALL)

TSS ADMIN/DEADMIN

To give administrator FINVCA the ability to assign administrative ownership of roles, to permit users DB2 ownership of roles within his scope, and audit the use of roles owned by the division, the administrator enters:

TSS ADMIN(FINVCA) DB2ROLE(OWN,XAUTH,INFO)

To remove FINVCA's authority for roles, the administrator enters:

TSS DEADMIN(FINVCA) DB2ROLE(OWN,XAUTH,INFO)

TSS WHOHAS

To determine who has access to the role PAYCLERK, the administrator enters:

TSS WHOHAS DB2ROLE(PAYCLERK)

CA Top Secret will respond by displaying all of the ACIDs that have access to this particular role.

TSS WHOOWNS

To determine who has administrative ownership of the role PAYCLERK, the administrator enters:

TSS WHOOWNS DB2ROLE(PAYCLERK)