Authority to operate in batch mode

Certain QMF and Db2® authorizations are required to submit a batch job.

To begin granting these authorizations to users who need them, first determine the logon ID and Db2 primary authorization ID under which your job will be running:
  • If your site uses RACF®, the logon ID is the value of the USER parameter on your JOB statement. The Db2 primary authorization ID is the one corresponding to that logon ID.
  • If your site does not use RACF, the logon ID and primary authorization ID are determined in the JCL to execute a batch job.
The logon ID and authorization ID play the same role as when you use QMF interactively. As a result, the procedure runs only if the following conditions are satisfied:
  • You can operate QMF interactively using the logon ID for the batch run.

    Users with authority to use QMF interactively and run jobs in the background can also use it in batch mode.

  • The authorization ID corresponding to the logon ID owns the procedure to be run, or that procedure is shared.

In running the procedure's commands, the authorization ID works interactively. However, not every QMF command that can be run interactively can be run in batch mode.

RACF security considerations

If RACF is a part of your security, you can prevent users from running jobs under other users’ logon IDs. A user who runs such a job can access all the Db2 data that the other user has access to, including data that the user running the job is not authorized to see.