Re: DB2 and RACF entities

Wed, 15 Jun 2022 13:58:51 -0700 

It's the opposite: I deleted the group from RACF and some job failed.
I quickly re-created the group and connect and restarted job ended OK.
However I want to check out what GRANT or other was issued against the group. Or more generally - I want to find out the groupname in DB2 catalog. 
Not for this group, but for other groups and environments.
Yeah, I should ask DB2 admin...  ;-)

--
Radoslaw Skorupka
Lodz, Poland



W dniu 13.06.2022 o 23:07, Bob Bridges pisze:

RACF doesn't know, so once you've deleted the GRANT from DB2 I don’t know of a 
way to find out what you lost (unless you can get it from a backup).  But there 
are tables in DB2 that list all GRANTs, so you can export those to, say, Excel 
and do some sorting and other munging to get a sensible list.  It's been a 
while, but I did that as part of a project to convert DB2 security to RACF.

When I say "it's been a while", what I mean is that I don't remember what that 
table or those tables were called.  But I was able to find them back then, so I'm sure 
it's documented in DB2 somewhere.

---
Bob Bridges, [email protected], cell 336 382-7313

/* If I try to be like him, who will be like me?  -Yiddish proverb */

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of 
Radoslaw Skorupka
Sent: Monday, June 13, 2022 16:09

The following scenario: DB2 v12 using pre-RACF (GRANT/REVOKE) security. Of 
course userids and groupids are taken from RACF. There are several groups which 
are candidates to delete as they look as not needed. However some of them have 
DB2 GRANTs, so those groups should not be deleted.

So far, so good. Unfortunately some group was deleted, despite it was used by 
DB2. I don't know details, but AFAIK probably it was something related to SET 
SQL ID or so.

Q: is there any method to find out *all* RACF users and groups used for any 
authorisation in DB2?


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to