DB2SYS Resource Class—Secure DB2 Privileges and Authorities

Resources › DB2SYS Resource Class—Secure DB2 Privileges and Authorities

DB2SYS Resource Class—Secure DB2 Privileges and Authorities

Valid on z/OS.

Use DB2SYS to secure DB2 system privileges and authorities.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) DB2SYS(priv,priv,priv,...)

Prefix length: One to eight characters
Capacity of list: One to five DB2 system privileges or prefixes per TSS command

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) DB2SYS(priv|BINDAGENT.owner‑id,...)

Prefix length: One to eight characters per prefix
Full name: 1‑18 characters
Capacity of list: One to five system privileges or prefixes per TSS command

DB2SYS is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
The DB2SYS ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The DB2SYS ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
DB2SYS(OWN) Authority

The administrator can use any of the following methods to control access to system privileges: Expiration, Facility, Time/Day, and Actions.

The administrator can specify the privileges: SYSADM, SYSOPR, BINDADD, BSDS, CREDBC, CRESG, DISPLAY, MONITOR1, MONITOR2, RECOVER, STOPALL, STOSPACE, TRACE, CREALIAS, SYSCTRL, ARCHIVE, and BINDAGENT.

Note: Unlike other DB2SYS privileges that have global scope, the BINDAGENT privilege only grants the holder the bind agent Authority for a specific