Creating a RACF group for payroll operations

The Spiffy security plan calls for the creation of a RACF® group for the payroll operations department. DB2USER can define the group and retain its ownership, or it can assign the ownership to an ID that is used by payroll management.

About this task

The owner of the employee table can grant the privileges that the group requires. The owner grants all required privileges to the group ID, with the intent not to revoke them. The primary IDs of new members of the department are connected to the group ID, which becomes a secondary ID for each of them. The primary IDs of members who leave the department are disconnected from the group ID.

Example

The following statement grants the SELECT, INSERT, UPDATE, and DELETE privileges on the PAYDEPT view to the payroll operations group ID PAYOPS:

GRANT SELECT, INSERT, UPDATE, DELETE ON PAYDEPT TO PAYOPS;

This statement grants the privileges without the GRANT OPTION to keep members of payroll operations from granting privileges to other users.