Granting database administration authority to the Spiffy database with RACF

As with the Db2 security plan for the Spiffy database, the RACF security plan requires that the database administrator does not have all the implicit privileges of DBADM authority.

About this task

Using Db2 security facilities, the Spiffy security planners granted the following administrative privileges to RACF group ID DB2ADMIN:

  • DBCTRL authority over the DSN8D13A database
  • The INDEX privilege on all tables in the database except the employee table and the payroll update table
  • The SELECT, INSERT, UPDATE, and DELETE privileges on certain tables, excluding the employee table and the payroll update table

The security administrator needs to grant the same privileges to the DB2ADMIN group using RACF security.

Example

To allow DBCTRL authority on the DSN8D13A database, and the INDEX, SELECT, INSERT, UPDATE, and DELETE privileges on the project table using RACF security, use the following statements:
RDEFINE DSNADM DB2A.DSN8D13A.DBCTRL UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.INDEX UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.SELECT UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.INSERT UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.UPDATE UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.DELETE UACC(NONE)
PERMIT DB2A.DSN8D13A.DBCTRL CLASS(DSNADM) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.INDEX CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.SELECT CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.INSERT CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.UPDATE CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.DELETE CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
SETROPTS RACLIST(DSNADM) REFRESH
SETROPTS RACLIST(MDSNTB) REFRESH
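
A batch like the one above can be checked before it is submitted. The following Python sketch is an added example, not part of the IBM documentation or of Db2 or RACF: it flags profiles defined with a UACC other than NONE, PERMIT statements that name a profile the batch never defines, and classes that are changed but not refreshed. The function name lint and the sample batch are constructed for illustration, and the check assumes the batch is self-contained.

```python
import re

# Constructed sample: the page's statements for the project table, trimmed to
# two privileges, with the MDSNTB refresh deliberately left out.
SAMPLE = """\
RDEFINE DSNADM DB2A.DSN8D13A.DBCTRL UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.INDEX UACC(NONE)
RDEFINE MDSNTB DB2A.DSN8D10.PROJ.SELECT UACC(NONE)
PERMIT DB2A.DSN8D13A.DBCTRL CLASS(DSNADM) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.INDEX CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
PERMIT DB2A.DSN8D10.PROJ.SELECT CLASS(MDSNTB) ID(DB2ADMIN) ACC(READ)
SETROPTS RACLIST(DSNADM) REFRESH
"""

RDEFINE = re.compile(r"^RDEFINE\s+(\S+)\s+(\S+)\s+UACC\((\w+)\)$", re.I)
PERMIT = re.compile(r"^PERMIT\s+(\S+)\s+CLASS\((\w+)\)\s+ID\([^)]+\)\s+ACC(?:ESS)?\(\w+\)$", re.I)
REFRESH = re.compile(r"^SETROPTS\s+RACLIST\(([^)]+)\)\s+REFRESH$", re.I)

def lint(batch):
    """Return a sorted list of findings for a self-contained batch of RACF commands."""
    defined, permitted, refreshed, findings = {}, set(), set(), []
    for line in filter(None, (l.strip() for l in batch.splitlines())):
        if m := RDEFINE.match(line):
            cls, profile, uacc = (g.upper() for g in m.groups())
            defined[(cls, profile)] = uacc
            if uacc != "NONE":  # any other UACC gives access to IDs not on the access list
                findings.append(f"{cls} {profile}: UACC({uacc}) grants default access")
        elif m := PERMIT.match(line):
            permitted.add((m.group(2).upper(), m.group(1).upper()))
        elif m := REFRESH.match(line):
            refreshed.update(re.split(r"[\s,]+", m.group(1).upper().strip()))
        else:
            findings.append(f"unrecognized statement: {line}")
    for cls, profile in permitted - set(defined):
        findings.append(f"{cls} {profile}: PERMIT without RDEFINE in this batch")
    for cls in {c for c, _ in set(defined) | permitted} - refreshed:
        findings.append(f"{cls}: no SETROPTS RACLIST({cls}) REFRESH")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```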