Valid on z/OS.
Use DB2SYS to secure DB2 system privileges and authorities.
When used with TSS ADDTO/REMOVE, this resource class has the following format:
TSS ADDTO(acid) DB2SYS(priv,priv,priv,...)
One to eight characters
One to five DB2 system privileges or prefixes per TSS command
When used with TSS PERMIT/REVOKE, this resource class has the following format:
TSS PERMIT(acid) DB2SYS(priv|BINDAGENT.owner‑id,...)
One to eight characters per prefix
1‑18 characters
One to five system privileges or prefixes per TSS command
DB2SYS is used with:
The administrator can use any of the following methods to control access to system privileges: Expiration, Facility, Time/Day, and Actions.
The administrator can specify the privileges: SYSADM, SYSOPR, BINDADD, BSDS, CREDBC, CRESG, DISPLAY, MONITOR1, MONITOR2, RECOVER, STOPALL, STOSPACE, TRACE, CREALIAS, SYSCTRL, ARCHIVE, and BINDAGENT.
Note: Unlike other DB2SYS privileges that have global scope, the BINDAGENT privilege only grants the holder the bind agent Authority for a specific .
This example gives the Investment Department (INVDEPT) ownership of the SYSADM privilege:
TSS ADDTO(INVDEPT) DB2SYS(SYSADM)
This example removes ownership of a system privilege:
TSS REMOVE(INVDEPT) DB2SYS(SYSADM)
This example authorizes USRJIM to create a storage group:
TSS PERMIT(USRJIM) DB2SYS(CRESG)
This example revokes USRJIM's Authority to create a storage group:
TSS REVOKE(USRJIM) DB2SYS(CRESG)
This example authorizes USRMARK as a bind agent for USRMIKE's packages:
TSS PERMIT(USRMARK) DB2SYS(BINDAGENT.USRMIKE)
This example revokes USRMARK's Authority as USRMIKE's bind agent:
TSS REVOKE(USRMARK) DB2SYS(BINDAGENT.USRMIKE)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|