InfoSphere Optim

 View Only
  • 1.  DB2 z/os permissions

    Posted Fri January 20, 2023 04:18 PM

    We are trying to create a DB Alias for a DB2 z/OS database. When it gets to the bind step it fails with the following errors (note I've replaced my userid with x's):

     

            SQL0020W  The bind or precompile command parameters or

                      parameter values in the following list were ignored because

                      they are not supported by the target database: "INSERT".

            SQL0551N  The statement failed because the authorization ID

                      does not have the required authorization or privilege to

                      perform the operation.  Authorization ID: "xxxxxxxx". 

                      Operation: "CREATE IN". Object:

                      "SKAISER_TESTDSNB.xxxxxxxx.PN0CD480.()".  SQLSTATE=42501

     

    We were told by Estuate that we need the following permissions on the database:

     

    GRANT BINDADD TO userid

    GRANT CREATE ON COLLECTION * TO userid

     

    In the past, those permissions have been provided to an individual userid. However, our DBA doesn't support that option anymore.

     

    Questions:

     

    1. Are the permissions indicated above sufficient to create the DB Alias?

    2. Can permissions on the DB2 database be granted to a RACF group which my user ID is associated with, or do they need to be granted to an individual userid?

     

     

    Thanks,

     

    Mark Crawford
    Principal IT Engineer Applications

    Enterprise Business Services - IT Operations 

    Enterprise Platform Services (EPS)

    Enterprise Environments (EE) Compliance Data Delivery (CDD)

     

    Cell: 925-788-5895
    Email:  Mark.Crawford@kp.org

    ServiceNow Group: EOT APP ENV MGMT

     

    Enterprise Environments (EE) Website

     

    NOTICE TO RECIPIENT:  If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents.  If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. v.173.295  Thank you.



  • 2.  RE: DB2 z/os permissions

    Posted Mon January 23, 2023 09:32 AM
    Hi Mark,

    1. Are the permissions indicated above sufficient to create the DB Alias?
    Yes

    2. Can permissions on the DB2 database be granted to a RACF group which my user ID is associated with, or do they need to be granted to an individual userid?

    Yes, permissions can granted to a RACF-group


    Kind regards,

    ------------------------------
    FriedrichPfneisl
    Sr. Technical Consultant
    ABMartin
    Phone +43 664 618 6320
    fpfneisl@abmartin.com
    ------------------------------



  • 3.  RE: DB2 z/os permissions

    Posted Wed January 25, 2023 04:00 AM

    Hi Mark.

    For both questions the answer is Yes.

    Please keep in mind, you have to authorize the RACF-Group in Db2 for every "Object" that will need 
    GRANT CREATE ON COLLECTION * TO RACF-GROUP

    The advantage here ist that DBA's doesn't have the need to this for every Uid any more.
    Now you can GRANT/REVOKE this authorization by adding/deleting the Uid in RACF.

    regards michael



    ------------------------------
    Michael Beermann
    ------------------------------