Identifies DB2 system privileges or authorities.
The following TSS commands can be used with the DB2SYS keyword: CREATE, DELETE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, WHOHAS.
TSS ADD(acid) DB2SYS(priv,priv,priv,...)
1‑8 characters
1‑5 DB2 system privileges per TSS command.
Administrators must have DB2SYS(OWN) authority.
The DB2SYS keyword is used with the following ACID types: User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, MSCA.
Note: Ownership for the DB2SYS resource class only allows for eight characters as with any CA Top Secret general resource. Thus ownership for the DB2SYS(BINDAGENT) resource can only be set up as follows:
TSS ADD(acid) DB2SYS(BINDAGEN)
TSS PER(acid) DB2SYS(priv | BINDAGENT.owner‑id,...)
1‑138 characters
1‑5 system privileges per TSS command.
The administrator can specify any or all of the following privileges: SECADM, SQLADM, SYSDBADM, SYSADM, SYSCTRL, SYSOPR, ACCESSCTRL, ARCHIVE, BINDADD, BINDAGENT, BSDS, CREALIAS, CREDBA, CREDBC, CRESECURE, CRESG, CRETMTAB, DATAACCESS, DISPLAY, EXPLAIN, MONITOR1, MONITOR2, RECOVER, STOPALL, STOSPACE, TRACE.
Note: Unlike other DB2SYS privileges that have global scope, BINDAGENT privilege only grants the holder the bind agent authority for a specific bind object owner.
The administrator can use any of the following methods to control access to system privileges: Expiration, Facility, Time/Day, Actions.
The DB2SYS keyword is used with the following ACID types: User, Profile, DCA, VCA, ZCA, LSCA, SCA, MSCA.
TSS ADMIN(acid) DB2SYS(authority level(s))
Administrators can specify any or all of the following authority levels: OWN, XAUTH, AUDIT, INFO, REPORT, ALL.
The DB2SYS keyword is used with the following ACID types: User, DCA, VCA, ZCA, LSCA, SCA, MSCA.
To give the Investment Department (INVDEPT) ownership of the SYSADM privilege, the administrator enters:
TSS ADD(INVDEPT) DB2SYS(SYSADM)
Ownership of a system privilege is removed by entering:
TSS REMOVE(INVDEPT) DB2SYS(SYSADM)
The administrator wants to authorize USRJIM to create a storage group. He enters:
TSS PERMIT(USRJIM) DB2SYS(CRESG)
To revoke USRJIM's authority to create a storage group, he enters:
TSS REVOKE(USRJIM) DB2SYS(CRESG)
The administrator wants to authorize USRMARK as a bind agent for USEJIM's packages. He enters:
TSS PERMIT(USRMARK) DB2SYS(BINDAGENT.USRJIM)
To revoke USRMARK's authority as USRJIM's bind agent, he enters:
TSS REVOKE(USRMARK) DB2SYS(BINDAGENT.USRJIM)
To give administrator SFTVCA the ability to permit users in his division to system privileges and authorities, and determine which system privileges are owned by the division, the administrator enters:
TSS ADMIN(SFTVCA) DB2SYS(XAUTH,INFO)
To remove SFTVCA's authority for system privileges, the administrator enters:
TSS DEADMIN(SFTVCA) DB2SYS(XAUTH,INFO)
To determine who has access to the privilege to create a storage group, the administrator enters:
TSS WHOHAS DB2SYS(CRESG)
CA Top Secret will respond by displaying all of the ACIDs that have access to this particular system privilege.
To determine who owns the CRESG privilege, the administrator enters:
TSS WHOOWNS DB2SYS(CRESG)
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|