Required user ID authorizations

To operate IBM® Security Guardium® S-TAP® for Db2, the S-TAP collector agent started task must run under the authority of a Time Sharing Option (TSO) user ID with the following authorizations.

The collector agent user ID requires Db2® privileges. Grant the collector agent user ID SYSCTRL authority, and the authority to issue the SELECT statements on these tables:
  • SYSIBM.SYSTABLES
  • SYSIBM.SYSTABLESPACE
  • SYSIBM.SYSINDEXES

OMVS segment

The collector agent uses UNIX™ System Services (USS) callable services as the network interface to the appliance. The USS callable services require that an OMVS segment is defined in the RACF® profile for the user ID under which the collector agent job runs. The OMVS segment that is defined for the user ID must contain the following minimum requirements:
  • A numeric user ID that is assigned to the user
  • A valid path to an existing home directory
  • A program name, for example /bin/sh, or /bin/echo for a non-shell ID
  • A numeric group ID that is assigned to the user's DEFAULT group
To verify that the ID has an OMVS segment in its RACF profile, use the following command, where userid is the collector agent user ID:
  LU userid OMVS
To add an OMVS segment to the RACF profile of an ID, refer to this sample command:
  ALTUSER userid OMVS(UID(nnn) HOME('/u/userid') PROGRAM('/bin/sh'))
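The following check is an added example, not part of the IBM documentation: it reads captured output of the LU command above and reports which of the user-level OMVS minimums (UID, HOME, PROGRAM) are missing. The user ID STAPUSR, the sample listings, and the assumed listing layout (an "OMVS INFORMATION" heading followed by KEY= value lines, or "NO OMVS INFORMATION") are constructed for illustration. The GID of the default group is listed on the group profile and is not covered here.

```python
import re

# Constructed listings for a made-up ID, STAPUSR. The layout is an assumption
# modelled on a typical RACF LISTUSER ... OMVS listing.
SAMPLE_OK = """\
USER=STAPUSR

OMVS INFORMATION
----------------
UID= 0000000123
HOME= /u/stapusr
PROGRAM= /bin/sh
CPUTIMEMAX= NONE
"""

SAMPLE_INCOMPLETE = """\
USER=STAPUSR

OMVS INFORMATION
----------------
UID= NONE
PROGRAM= /bin/sh
"""

SAMPLE_NO_SEGMENT = "USER=STAPUSR\n\nNO OMVS INFORMATION\n"

REQUIRED = ("UID", "HOME", "PROGRAM")
FIELD = re.compile(r"^[ \t]*([A-Z]+)=[ \t]*(\S.*?)[ \t]*$", re.M)


def check_omvs_segment(listing):
    """Return a list of problems; an empty list means UID, HOME and PROGRAM are set."""
    if "NO OMVS INFORMATION" in listing or "OMVS INFORMATION" not in listing:
        return ["no OMVS segment"]
    fields = dict(FIELD.findall(listing))
    # A field that is absent or shown as NONE counts as not set.
    problems = [f"{name} not set" for name in REQUIRED
                if fields.get(name, "NONE") == "NONE"]
    uid = fields.get("UID", "NONE")
    if uid != "NONE" and not uid.isdigit():
        problems.append("UID is not numeric")
    home = fields.get("HOME", "NONE")
    # Only the form of the path is checked; whether the directory exists
    # has to be confirmed on the system itself.
    if home != "NONE" and not home.startswith("/"):
        problems.append("HOME is not an absolute path")
    return problems
```
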