Granting authorization on Db2 commands

IDs must be authorized to issue Db2 commands. If you authorize IDs by issuing Db2 GRANT statements, the GRANT statements must be made to a primary authorization ID, a secondary authorization ID, a role, or PUBLIC.

About this task

When RACF® is used for access control, an ID must have appropriate RACF authorization on Db2 commands or must be granted authorization for Db2 commands to issue commands from a logged-on MVS console or from TSO SDSF.

Procedure

To ensure that an ID can issue Db2 commands from logged-on MVS consoles or TSO SDSF, choose one of the following:

Grant authorization for Db2 commands to the primary, secondary authorization ID, or role.
Define RACF classes and permits for Db2 commands.
Grant SYSOPR authority to appropriate IDs.