The following sections provide a more detailed description of each of the Catalog Synchronization Utility components. These components are described in the order in which they are run.
TSSRECVR
TSDB2SY1
TSDB2SY2
TSDB2SY3
The TSSRECVR component is the standard CA Top Secret Recovery Utility. It is used to extract the CA Top Secret commands (PERMIT, REVOKE, DELETE, and so on.) that change the Security File. To use the Recovery Utility, you specify the date and time you wish to start extracting “change” information. The CA Top Secret commands are then used as input to TSDB2SY1.
If you are using an incremental synchronization to synchronize the catalog, use the TSDB2SY1 component to create synchronization control statements for the TSDB2SY2 component. This job uses CA Top Secret commands extracted by TSSRECVR to identify changes to users and CA Top Secret Option for DB2 authorizations that should be included in the synchronization. It also queries the DB2 catalog looking for newly created resources. Then it creates synchronization control statements, appropriate for your release of DB2, that identifies the users and resources to synchronize.
TSDB2SY1 processes the CA Top Secret commands and generates two different groups or batches of synchronization control statements for the synchronization. This allows the TSDB2SY2 component to handle ACID changes differently from authorization changes and newly created resources. The first batch processes new users by correlating the users with all DB2 resources. The second batch processes authorization changes and newly created resources by correlating all users with a specific DB2 resource name. For example, a new user (USER8) added to the system causes CA Top Secret Option for DB2 to generate the following synchronization control statements:
INCLUDE BPL(*) DBS(*) COL(*) PKG(*) PLN(*) INCLUDE STG(*) SYS(*) TBL(*) TSP(*) INCLUDE FNC(*) PRC(*) SCH(*) TYP(*) INCLUDE JAR(*) INCLUDE SEQ(+) INCLUDE USER(USER8)
Note: The following statement is only generated for DB2 subsystems at DB2 Version 7.1 or above:
INCLUDE JAR(*)
The following statement is only generated for DB2 subsystems at DB2 version 8.1 or above:
INCLUDE SEQ(+)
A changed CA Top Secret Option for DB2 authorization for the DB2P database and a new table, PAYROLL.BONUS, in the DB2 catalog generates the following INCLUDE statements:
INCLUDE USER(*) INCLUDE DBS(DB2P) INCLUDE TBL(PAYROLL.BONUS)
The utility writes the generated synchronization control statements to the SYNCHOUT data set. For an example of these control statements, to the TSDB2SY1 Incremental Function Report, later in this chapter. You can edit this data set to add options or to limit the users and resources included in the incremental synchronization. For example, if you do not want to synchronize buffer pools and storage groups at this time, you can edit the SYNCHOUT data set in either of the following ways:
If your incremental synchronization runs automatically, you can write an edit macro that will automatically modify the SYNCHOUT data set. To do this, use the sample job, CLIST, and edit macros that are provided on the installation tape. They are located in member SY1FLTR, SY1CMD, and SY1EDMAC in the sample JCL library. Move members SY1CMD and SY1EDMAC to your CLIST library. TSDB2SY1 does not generate any of the following TSDB2SY2 control operands:
If you are running in a selective or incremental process, use the TSDB2SY2 component to process the synchronization control statements, created by TSDB2SY1 or by you, and generates SQL GRANT and REVOKE statements. The synchronization control statements consist of one or more batches of INCLUDE and EXCLUDE statements. These statements determine which users and resources are to be selected for synchronization. A comparison is made between authorizations in the DB2 catalog and CA Top Secret Option for DB2 for the selected users and resources. SQL GRANT and REVOKE statements are generated based on the differences found during this comparison. The following topics describe this process in more detail.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|