Previous Topic: DB2TABSPNext Topic: DB2TYPE

Protecting ResourcesDB2TRCON

DB2TRCON

Description:

Identifies DB2 trusted contexts.

TSS Commands:

The following TSS commands can be used with the DB2TRCON keyword: CREATE, DELETE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, WHOHAS.

TSS ADDTO/REMOVE

Syntax:

TSS ADD(acid) DB2TRCON(trusted context,…)

Prefix length

2-26 characters

Capacity of list

1-5 DB2 trusted contexts per TSS command.

Authority:

Administrators must have DB2TRCON(OWN) authority.

Masking:

The DB2TRCON resource class supports all masking characters.

Types:

The DB2TRCON keyword is used with the following ACID types: User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, MSCA.

TSS PERMIT/REVOKE

Syntax

TSS PER(acid) DB2TRCON(trusted context,…)

Prefix length

2-26 characters

Trusted context name

1-128 characters

Capacity of list

1-5 trusted contexts per TSS command.

Accesses:

The administrator can specify any or all of the following accesses: ALL, NONE. The default access is ALL

Access Controls:

The administrator can use any of the following methods to control access to trusted contexts: Expiration, Facility, Time/Day, Actions.

Types:

The DB2TRCON keyword is used with the following ACID types: User, Profile, DCA, VCA, ZCA, LSCA, SCA, MSCA.

TSS ADMIN/DEADMIN

Syntax

TSS ADMIN(acid) DB2TRCON(authority level(s))

Authority Levels

Administrators can specify any or all of the following authority levels: OWN, XAUTH, AUDIT, INFO, REPORT, ALL.

Types

The DB2TRCON keyword is used with the following ACID types: User, DCA, VCA, LSCA, ZCA, SCA, MSCA.

TSS ADDTO/REMOVE

To give the Finance Department (FINDEPT) administrative ownership of the trusted context PAYDDF1, the administrator enters:

TSS ADD(FINDEPT) DB2TRCON(PAYDDF1)

Ownership of the trusted context PAYDDF1 is removed by entering:

TSS REMOVE(FINDEPT) DB2TRCON(PAYDDF1)

TSS PERMIT/REVOKE

The administrator wants to give USRMARK DB2 ownership of the trusted context PAYDDF1:

TSS PERMIT(USRMARK) DB2TRCON(PAYDDF1) ACCESS(ALL)

To revoke USRMARK's authority the administrator enters:

TSS REVOKE(USRMARK) DB2TRCON(PAYDDF1) ACCESS(ALL)

TSS ADMIN/DEADMIN

To give administrator FINVCA the ability to assign administrative ownership of trusted contexts, to permit users DB2 ownership of trusted contexts within his scope, and audit the use of trusted contexts owned by the division, the administrator enters:

TSS ADMIN(FINVCA) DB2TRCON(OWN,XAUTH,INFO)

To remove FINVCA's authority for trusted contexts, the administrator enters:

TSS DEADMIN(FINVCA) DB2TRCON(OWN,XAUTH,INFO)

TSS WHOHAS

To determine who has access to the trusted context PAYDDF1, the administrator enters:

TSS WHOHAS DB2TRCON(PAYDDF1)

CA Top Secret will respond by displaying all of the ACIDs that have access to this particular trusted context.

TSS WHOOWNS

To determine who has administrative ownership of the trusted context PAYDDF1, the administrator enters:

TSS WHOOWNS DB2TRCON(PAYDDF1)