Previous Topic: Familiarizing Yourself With A Selective SynchronizationNext Topic: How Can I Streamline Synchronization?

Using the Catalog Synchronization UtilityImplementation ConsiderationsFamiliarizing Yourself With An Incremental Synchronization

Familiarizing Yourself With An Incremental Synchronization

The following sections provide the information you need to become familiar with an incremental synchronization. There are two stages to this learning process:

Basic Process

An incremental synchronization is used to synchronize only the changes made to CA Top Secret Option for DB2 and to synchronize newly created resources in the DB2 catalog. As we discussed earlier, this process consist of the execution of four programs: TSSRECVR, TSDB2SY1, TSDB2SY2, and TSDB2SY3. The first two programs, TSSRECVR and TSDB2SY1, provide an automated way of generating TSDB2SY2 synchronization control statements to selectively synchronize users and resources that contain authorization changes in CA Top Secret Option for DB2 and to synchronize newly created resources in the DB2 catalog. The last two programs, TSDB2SY2 and TSDB2SY3, are used for a selective synchronization.

The following steps outline information needed to familiarize yourself with the incremental synchronization process.

  1. ADD a user, PERMIT/REVOKE DB2 permissions for a user and/or profile, and create a resource in the DB2 catalog which has security predefined in CA Top Secret Option for DB2
  2. Run the TSSRECVR program to extract the changes made to CA Top Secret Option for DB2. Next, run TSDB2SY1 to generate the TSDB2SY2 synchronization control statements. Finally, review the TSDB2SY1 report to find out what users and resources are to be synchronized based upon the changes you made. Notice, however, that the first batch of control statements is for new users and the second batch of control statements is for DB2 resource authorization changes and newly created resources.

Scheduling and Tailoring An Incremental Synchronization

Now that you have a basic understanding of how the incremental synchronization process works, let us take a look at the scheduling and tailoring process.

As we discussed earlier in the Basic Process section, the TSDB2SY1 program generates standard TSDB2SY2 synchronization control statements. You might notice as you go through these control statements that the program might have selected users and resources that you do not need to synchronize in your environment. For example, when a user is added, all resources are selected for synchronization for that user. However, in your environment, you might only need table resources synchronized. Therefore, you would like to exclude all other resources from the incremental process. When an authorization change is made for a resource, all users are selected for synchronization. You might not want all users in your Security File to be synchronized, just those who have DB2PROF1, DB2PROF2, or DB2PROF3 profiles. Therefore, you must modify the generated TSDB2SY2 control statements. You might also like to schedule the synchronization to run on a scheduled basis.

The scheduling and tailoring of an incremental synchronization is described in the following steps:

  1. Determine which users must be synchronized and how to identify them. For example, users who have DB2PROF1 profile or DB2PROD facility.
  2. Determine which resources or resource types must be synchronized. For example, only table resources or only table resources that start with ABC.
  3. Determine which options you want to use for TSDB2SY2. The generated synchronization control statements for TSDB2SY2 do not specify the OPTIONS keyword or the VIEW statement. For more information about the VIEW statement, see the “Views” section. If you want to use either of these for an incremental synchronization, you must add them yourself. You can do this as part of the next step.
  4. Determine the best way to modify the generated synchronization control statements for TSDB2SY2 on a scheduled basis. A sample job (SY1FLTR), clist (SY1CMD), and edit macro (SY1EDMAC) are provided on the installation tape in the CAI.SAMPJCL library. To use these samples, move the SY1CMD and SY1EDMAC members to your CLIST library. This lets you tailor the sample jobs to perform your modifications in an automated way. Schedule the SY1FLTR job to run between the TSDB2SY1 and TSDB2SY2 jobs (or job steps).

    For example, if you only need to synchronize table resources, you can insert EXCLUDE statements for all other resource types before the two GO statements.

  5. Determine when you want the incremental synchronization to be scheduled and how you can schedule it. Decide whether you need it on a daily, weekly, or monthly basis. If you have a scheduling package, such as CA‑7, this will automate your scheduling process.