|
View previous topic :: View next topic
|
| Author |
Message |
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
Hi,
As a Mainframe system admin how can I give DB2 sys admin access to a user using RACF or any other tool.
Note: I don't want to use any of the DB2 tools to grant the same.
Thanks,
Mandeep |
|
| Back to top |
|
 |
wanderer
Active User
Joined: 05 Feb 2007
Posts: 199
Location: Sri Lanka
|
|
|
|
Unless you are also acting as DB2 subsystem admin, you shouldn't bother ;)
Anyway, create a RACF group. Grant SYSADMIN to that group. Then connect userids to that group using RACF.
DB2 V9 has some new features in this area available in manuals if you want to read. |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
But I don't have DB2 SYSADMIN access, how can I give access to a group.  |
|
| Back to top |
|
|
sushanth bobby
Senior Member
Joined: 29 Jul 2008
Posts: 1020
Location: India
|
|
|
|
Mandeep,
How did you find out that you dont have SYSADM access.
By a query like the following
| Code: |
SELECT GRANTOR,GRANTEE,TIMESTAMP,DATEGRANTED,
TIMEGRANTED,GRANTEETYPE,AUTHHOWGOT,ALTERBPAUTH,
BINDADDAUTH,BSDSAUTH,CREATEDBAAUTH,CREATEDBCAUTH,
CREATESGAUTH,DISPLAYAUTH,RECOVERAUTH,
STOPALLAUTH,STOSPACEAUTH,SYSADMAUTH,SYSOPRAUTH,
TRACEAUTH,IBMREQD,MON1AUTH,MON2AUTH,
CREATEALIASAUTH,SYSCTRLAUTH,BINDAGENTAUTH,
ARCHIVEAUTH,CAPTURE1AUTH,CAPTURE2AUTH,
GRANTEDTS,CREATETMTABAUTH
FROM "SYSIBM".SYSUSERAUTH
WHERE (GRANTOR = 'ur id' OR GRANTEE='ur id')
AND AUTHHOWGOT='S'; |
Did you try on the sub-system where your user wants access ?
Sushanth |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
Sushanth,
when I execute the above code it gives the below msg:
DSNE106E PLAN DSNESPRR NOT AUTHORIZED FOR SUBSYSTEM SDT1 AND AUTH ID Y120023
*** |
|
| Back to top |
|
|
sushanth bobby
Senior Member
Joined: 29 Jul 2008
Posts: 1020
Location: India
|
|
|
|
Mandeep,
Contact your shop's security administrator with your requirement.
Sushanth |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
I am the one who needs to give the acces :P
:|
I can ask one of my colleague in DBA team to give me the access, but as a SYSPROG, I want to know how can I grant the same.
for an instance if someone comes to me for the same, how will I grant him the access. :?: |
|
| Back to top |
|
|
sushanth bobby
Senior Member
Joined: 29 Jul 2008
Posts: 1020
Location: India
|
|
|
|
Mandeep,
| Quote: |
| I don't want to use any of the DB2 tools |
You can use commands to do this, tools just makes you life alot easier.
And the commands differ according to the security tool, RACF has different set of commands & TOP-SECRET has different set of commands(we use this in our shop).
If someone comes asking, i want access as this person, you have query to find out what that person is having access then you have to grant the same.
| Quote: |
| I am the one who needs to give the acces |
Then ask your manager, first to give you access.
Sushanth |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
| Thanks Sushanth |
|
| Back to top |
|
|
expat
Global Moderator
Joined: 14 Mar 2007
Posts: 8796
Location: Welsh Wales
|
|
|
|
| Mandeep Kainth wrote: |
I am the one who needs to give the acces I can ask one of my colleague in DBA team to give me the access, but as a SYSPROG, I want to know how can I grant the same.
for an instance if someone comes to me for the same, how will I grant him the access. |
You should not grant access to anyone.
That is the realm of the security group and/or those responsible for the DB infrastructure. i.e. the DBA's.
Although security policies vary from shop to shop, some can be quite austere and you may end up looking for another job very quickly if you just give out access freely.
It is far better to leave access issues to the security group, who know the procedures and practices required to be undertaken before access is granted. |
|
| Back to top |
|
|
Marso
REXX Moderator
Joined: 13 Mar 2006
Posts: 1353
Location: Israel
|
|
|
|
| Mandeep Kainth wrote: |
| how can I give DB2 sys admin access to a user |
| Mandeep Kainth wrote: |
| But I don't have DB2 SYSADMIN access |
No matter how hard you try, you will never be able to give more than you have yourself.
So if you are not an admin, you will not be able to grant admin.
Think about it. |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
Marso,
Let me reframe the Q:
As a SYSPROG how can I get a DB2 SYSADM access without the help of a DB2 Admin. |
|
| Back to top |
|
|
wanderer
Active User
Joined: 05 Feb 2007
Posts: 199
Location: Sri Lanka
|
|
|
|
You can't. 
Just because you are sys programmer doesn't mean you will have universal access.
Someone with SYSADM access needs to grant it to you with GRANT authority before you can to someone else.
If no such person exists then it would be person who installed DB2 and has install sysadm access who would give you access first with grant option.
You shouldn't bypass the right people. |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19243
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| I can ask one of my colleague in DBA team to give me the access, but as a SYSPROG, I want to know how can I grant the same. |
If you really believe you should have DBA permissions, suggest a conversation with your management is in order. . .
There is little justification for System Programmers to have DBA permissions. Just as DBAs would not typically have the permissions of the System Programmers. They are quite different responsibilities/disciplines. |
|
| Back to top |
|
|
Mandeep Kainth
New User
Joined: 29 Apr 2009
Posts: 23
Location: Bangalore
|
|
|
|
All,
Thanks for your views... It helped me a lot in understanding the significant role of a DBA.
Thanks! |
|
| Back to top |
|
|
|
|
