RACF doesn't know, so once you've deleted the GRANT from DB2 I don’t know of a way to find out what you lost (unless you can get it from a backup). But there are tables in DB2 that list all GRANTs, so you can export those to, say, Excel and do some sorting and other munging to get a sensible list. It's been a while, but I did that as part of a project to convert DB2 security to RACF.
When I say "it's been a while", what I mean is that I don't remember what that table or those tables were called. But I was able to find them back then, so I'm sure it's documented in DB2 somewhere. --- Bob Bridges, [email protected], cell 336 382-7313 /* If I try to be like him, who will be like me? -Yiddish proverb */ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Radoslaw Skorupka Sent: Monday, June 13, 2022 16:09 The following scenario: DB2 v12 using pre-RACF (GRANT/REVOKE) security. Of course userids and groupids are taken from RACF. There are several groups which are candidates to delete as they look as not needed. However some of them have DB2 GRANTs, so those groups should not be deleted. So far, so good. Unfortunately some group was deleted, despite it was used by DB2. I don't know details, but AFAIK probably it was something related to SET SQL ID or so. Q: is there any method to find out *all* RACF users and groups used for any authorisation in DB2? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
