These utilities convert the contents of the SYSIBM.SYSxxxAUTH tables to equivalent RACF profiles. These RACF profiles are the profiles that are used with the RACF/DB2 External Security Module, which is intended for use as the DB2 Access Control Exit.
Users of this utility must have SELECT authority to every SYSIBM.SYSxxxAUTH table. In order to execute the CLIST generated by the utility you must have either:
- the SPECIAL attribute or
- class authority (CLAUTH) to all applicable classes AND you must be the OWNER of the new profiles or the OWNER must be within the scope of a group to which you have Group-Special.
There are three versions of this utility:
- RACFDB2/RXSQL, which requires the RXSQL product (product 5764-074),
RACFDB2/BatchPipes, which requires the BatchPipes or MVS Pipes product, and
RACFDB2 for V6/V7, which requires either DB2 Version 6 or DB2 Version 7.
Each version of RACFDB2 has one EXEC, one set of JCL, and one documentation file.
The utility does not execute any RACF commands, it only generates them and writes them to a CLIST.
The utility operates by:
- Finding all privileges or resources which must be protected and generating RDEF commands for those. Note that AUDIT(ALL(READ)) is generated for all commands from RSXADM.
- Determining whether the privileges or resources were granted to PUBLIC and changing the UACC to READ in this case. Note the author does not check for PUBLIC being granted with the GRANT option.
- Determine all authorization IDs without GRANT and generates a PERMIT with ACCESS(READ).
- Determine all authorization IDs with GRANT and generates a PERMIT with ACCESS(ALTER). Since the profiles are generally discrete, ALTER access gives the ability to 'grant' others access. The utility does NOT use the grouping classes. We recommend that you evaluate the possibility of combining profiles into grouping profiles to ease administration.
We welcome your comments and questions on the RACFDB2 Utility. Please direct them to the RACF-L mailing list. Subscription information for RACF-L can be found from the
RACF-L Discussion List page.
This program contains code made available by IBM Corporation on an "AS-IS" basis. Any one receiving this program is considered to be licensed under IBM copyrights to use the IBM-provided code in any way he or she deems fit, including copying it and redistributing it, except that it may be neither sold nor incorporated within a product that is sold. No license under any IBM patents or patent applications is to be implied from this copyright license.
The software is provided "as-is", and IBM disclaims all warranties, express or implied, including but not limited to implied warranties of merchantability or fitness for a particular purpose.
This page was last updated November 2005.