Authorizations required for Db2 utilities using FlashCopy
Paul_McWilliams 110000JT36 Visits (1087)
The Db2 for z/OS development SWAT team recommends using FlashCopy as a best practice for non-disruptive consistency checks with the Db2 CHECK INDEX, CHECK DATA, CHECK LOB SHRLVL CHANGE utilities. FlashCopy also offers interesting options to optimize the backup and recovery of your Db2 data with System-Level Backups (SLB) and FlashCopy Image Copies (FCIC). However, one of the common obstacles for using FlashCopy with Db2 utilities is missing RACF or equivalent authorizations.
In this post, we summarize the authorizations required for using FlashCopy with the various Db2 utility operations. This content is adapted from a portion of Florence’s SlideShare presentation “Db2
1. When the RACF FACILITY class is active and one of the profiles listed below is defined, the user ID submitting the Db2 utility must have READ access authority to use the indicated commands or keywords, as shown in the following tables.
2. When a Db2 utility calls the DFSMSdss COPY command, the COPY command is executed with the authority of the utility batch address space. That means the user ID that invokes the Db2 utility must have at least the access levels for the source and target data sets shown in the following table.
For COPY FLASHCOPY CONSISTENT, the user ID running the DBM1 address space must have at least UPDATE access level on the FCIC dataset (to allow changes during LOGAPPLY phase).
Special thanks to Claus E. Mikkelsen, whose GSE Nordic Region Conference 2019 presentation “FlashCopy Db2” inspired us to write this post.
Florence Dubois is a Db2 for z/OS development SWAT team member, and Paul McWilliams is an information Developer for Db2 for z/OS.