Authorizing Db2 IDs to use data set profiles

Authorization IDs with the installation SYSADM or installation SYSOPR authority need access to most Db2 data sets.

About this task

The following command adds the two default IDs that have the SYSADM and SYSOPR authorities if no other IDs are named when Db2 is installed:

ADDUSER (SYSADM SYSOPR)

The next two commands connect those IDs to the groups that control data sets, with the authority to create new RACF® database profiles. The ID that has the installation SYSOPR authority (SYSOPR) does not need that authority for the installation data sets.

CONNECT (SYSADM SYSOPR)  GROUP(DSNC111) AUTHORITY(CREATE) UACC(NONE)
CONNECT (SYSADM)         GROUP(DSN1210)  AUTHORITY(CREATE) UACC(NONE)

The following set of commands gives the IDs complete control over DSNC111 data sets. The system administrator IDs also have complete control over the installation libraries. Additionally, you can give the system programmer IDs the same control.

PERMIT 'DSNC111.LOGCOPY*' ID(SYSADM SYSOPR) ACCESS(ALTER)
PERMIT 'DSNC111.ARCHLOG*' ID(SYSADM SYSOPR) ACCESS(ALTER)
PERMIT 'DSNC111.BSDS*'    ID(SYSADM SYSOPR) ACCESS(ALTER)
PERMIT 'DSNC111.DSNDBC.*' ID(SYSADM SYSOPR) ACCESS(ALTER)
PERMIT 'DSNC111.*'        ID(SYSADM SYSOPR) ACCESS(ALTER)
PERMIT 'DSN1210.*'         ID(SYSADM)        ACCESS(ALTER)