The ADB2ATH and ADB2UTIL programs and TSO commands must be APF authorized to use them
within Db2 Admin Tool. If the SADBLINK library,
which contains ADB2ATH and ADB2UTIL, is not APF authorized, you must copy these modules to an
APF-authorized library.
About this task
The ADB2ATH program is used when the Db2 security exit type (:secexit.) is specified as AUTH. The ADB2UTIL program is used when the
ADBTEP2 program runs Db2
utilities.
Procedure
To update the APF authorization table:
Copy ADB2ATH and ADB2UTIL from high-level.SADBLINK to an
APF-authorized library.
If the APF-authorized library is not in the system link list, it
must be registered as the Admin Tool APF Library on the Product Parameters
(CCQPPRD) panel.
Using two different versions of Db2 Admin Tool on the same Db2 subsystem: If you are
installing and running two or more different releases of Db2 Admin Tool on the same Db2 subsystem, ensure that you use the ADB2ATH and
ADB2UTIL authorized programs from the product tape for the higher release when you copy them to the
APF-authorized library in your system link
list.
If you plan to use Db2 High Performance Unload
(HPU) in a work statement list (WSL), also authorize
the HPU main program, INZUTILB by ensuring
it is in an APF-authorized library.
Modify SYS1.PARMLIB(IKJTSOxx) and add programs ADB2ATH and ADB2UTIL to
both the AUTHPGM and AUTHTSF sections, as shown in the following figure:
This action ensures that the TSO service facility invokes ADB2ATH and ADB2UTIL as authorized
programs.
If plan to
use HPU in a WSL, also add INZUTILB to the
AUTHPGM and AUTHTSF sections.
Activate the changes at the next IPL or immediately by issuing the following TSO/E
command: