

Specifying GRANT TO PUBLIC Control Statements

In addition to synchronizing the user PUBLIC with authorization PERMITted to the ALL Record, you can use GRANT TO PUBLIC control statements to define resource privileges that, when the resource is synchronized, are granted to the DB2 authorization ID of PUBLIC instead of to individual users. Owners of the resource in CA Top Secret Option for DB2 will still be granted the privilege.

Each GRANT TO PUBLIC control statement defines one resource, or group of resources if masked, and up to five privileges for that resource. Define multiple GRANT TO PUBLIC control statements for a resource if more than five privileges are to be granted to PUBLIC.

Syntax

Begin each control statement anywhere in columns 1 through 72. You can use columns 73 through 80 for sequence numbers because these columns are ignored. Specify at least one blank between keywords. Specify comments between /* and */ anywhere in columns 2 through 71. Do not continue control statements to a second line; instead, begin again with the control statement on the next line to specify additional user or resource information in a batch.

Here is the format of the GRANT TO PUBLIC control statement:

{BPL(bufferpool|bufferpoolmask)          }
{COL(collection|collectionmask)          }
{DBS(database|databasemask)              }
{FNC(function|functionmask)              }
{JAR(jarfile|jarfilemask)                }
{PKG(package|packagemask)                }
{PLN(plan|planmask)                      }
{PRIV(privilege[,privilege...])          }
{PRC(procedure|proceduremask)            }
{SCH(schema|schemamask)                  }
{SEQ(sequence|sequencemask)              }
{STG(storagegroup|storagegroupmask)      }
{SYS(systemprivilege|systemprivilegemask)}
{TBL(table|tablemask)                    }
{TSP(tablespace|tablespacemask)          }
{TYP(type|typemask)                      }

For resources that have only one privilege, such as buffer pools, storage groups and table spaces, the PRIV keyword can be omitted. In addition, you do not need the PRIV keyword to define system privileges, which are specified by the SYS resource type. Instead, use the name of the system privilege as the resource name. For example, the system privilege SYSADM is defined as SYS(SYSADM). Only one system privilege or system privilege mask can be specified per GRANT TO PUBLIC control statement.

Control Statement Descriptions

Each control statement keyword is described below:

BPL(bufferpool|bufferpoolmask)

Identifies the buffer pools that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

COL(collection|collectionmask)

Specifies the collections that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

DBS(database|databasemask)

Specifies the databases that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

FNC(function|functionmask)

Specifies the functions that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

JAR(jarfile|jarfilemask)

Specifies the Java archive (JAR) files that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword. You must be running DB2 Version 7.1 or higher to specify this keyword; otherwise, the job terminates.

PKG(package|packagemask)

Specifies the packages that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

PLN(plan|planmask)

Specifies the plans that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

PRIV(privilege[,privilege...])

Specifies the privileges for the resource that you are granting public access to. Separate multiple privileges with a comma, but no extra space. You can specify up to five privileges.

PRC(procedure|proceduremask)

Specifies the procedures that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

SCH(schema|schemamask)

Specifies the schemas that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword. You must be running DB2 Version 6.1 or higher to specify this keyword; otherwise, the job terminates.

SEQ(sequence|sequencemask)

Specifies the sequences that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

STG(storagegroup|storagegroupmask)

Specifies the storage groups that the CA Top Secret Option for DB2 synchronization utility will grant public access to based on the privileges specified in the PRIV keyword.

SYS(systemprivilege|systemprivilegemask)

Specifies the system privileges and utilities that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to. For a list of DB2 system privileges and utilities that you can specify, see the “What Are DB2 Authorities and Privileges” section in the “Native DB2 Security” chapter. To specify this keyword, you can use either the DB2 (that is, IBM) name of the system privilege or utility or the CA Top Secret Option for DB2 shortened name.

TBL(table|tablemask)

Specifies the tables that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

TSP(tablespace|tablespacemask)

Specifies the table spaces that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

TYP(type|typemask)

Specifies the types that the CA Top Secret Option for DB2 Catalog Synchronization Utility will grant public access to based on the privileges specified in the PRIV keyword.

Example of GRANT TO PUBLIC Control Statement

Suppose you want your synchronization to grant the following system and resource privileges to the DB2 authorization ID PUBLIC:

To provide these privileges to PUBLIC, you can use these GRANT TO PUBLIC control statements in your TSDB2SY2 JCL:

SYS(TRACE)
SYS(DISPLAY)
TBL(SYSIBM*) PRIV(SELECT)
PLN(DSNTIA*) PRIV(EXECUTE)
DBS(DEVTEST) PRIV(STATS,STARTDB,STOPDB)
STG(TEST*) PRIV(USE)

The PRIV(USE) keyword is optional for the STG statement because storage groups have only one privilege.
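
Because every statement here ends up as a grant to PUBLIC, it is worth checking the statements against the syntax rules above before the job runs. The following Python linter is an added example, not part of CA Top Secret Option for DB2: it applies the column, PRIV and SYS rules described on this page and marks masked resources for review. The function names and sample statements are constructed for illustration, and `*` is assumed to be the mask character because that is what the example above uses.

```python
import re

RESOURCE_TYPES = {"BPL", "COL", "DBS", "FNC", "JAR", "PKG", "PLN", "PRC",
                  "SCH", "SEQ", "STG", "SYS", "TBL", "TSP", "TYP"}
# Resource types for which the page says the PRIV keyword may be omitted.
PRIV_OPTIONAL = {"BPL", "STG", "TSP", "SYS"}
KEYWORD = re.compile(r"([A-Z]+)\(([^()]*)\)")

def lint_statement(card):
    """Return findings for one control statement (one 80-column record)."""
    body = re.sub(r"/\*.*?\*/", " ", card[:72])  # cols 73-80 ignored; drop comments
    if not body.strip():
        return []
    findings = []
    pairs = KEYWORD.findall(body)
    if KEYWORD.sub(" ", body).strip():
        findings.append("ERROR: text outside KEYWORD(value) form")
    resources = [(k, v) for k, v in pairs if k in RESOURCE_TYPES]
    privs = [v for k, v in pairs if k == "PRIV"]
    if len(resources) != 1 or len(privs) > 1:
        return findings + ["ERROR: need one resource keyword and at most one PRIV"]
    rtype, name = resources[0]
    if rtype == "SYS" and "," in name:
        findings.append("ERROR: only one system privilege or mask per statement")
    if privs:
        plist = privs[0].split(",")
        if any(p != p.strip() or not p for p in plist):
            findings.append("ERROR: PRIV list must be comma-separated with no spaces")
        if len(plist) > 5:
            findings.append(f"ERROR: {len(plist)} privileges; use several statements of up to five")
    elif rtype not in PRIV_OPTIONAL:
        findings.append(f"ERROR: PRIV is required for {rtype}")
    if "*" in name:  # assumption: '*' is the mask character, as in the page's example
        findings.append(f"REVIEW: mask {rtype}({name}) grants to PUBLIC on every match")
    return findings

def lint_deck(cards):
    """Map 1-based statement number to its findings, omitting clean statements."""
    return {n: f for n, card in enumerate(cards, 1) if (f := lint_statement(card))}

# Constructed sample statements (not taken from a real system).
SAMPLE = [
    "SYS(TRACE)",
    "TBL(SYSIBM*) PRIV(SELECT)".ljust(72) + "00000200",   # sequence number in 73-80
    "DBS(DEVTEST) PRIV(STATS,STARTDB,STOPDB) /* test database */",
    "DBS(DEVTEST)",                                       # PRIV missing
    "TBL(PAYROLL) PRIV(SELECT, UPDATE)",                  # space after the comma
    "TBL(PAYROLL) PRIV(SELECT,INSERT,UPDATE,DELETE,ALTER,INDEX)",
]
```

`lint_deck(SAMPLE)` reports statements 2, 4, 5 and 6. A REVIEW finding is not a syntax error; it marks a masked grant whose matching resources should be listed and confirmed before synchronization.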