Upgrade Guide for DB2 UDB for z/OS > Database and UI Upgrade Planning > Planning Your Upgrade >
Obtaining Required Security Privileges
For detailed information about security for DB2 UDB for z/OS installations and upgrades, see Implementing Siebel Business Applications on DB2 UDB for z/OS.
In Siebel 7, access privileges to database resources such as tables, views, and triggers are granted to a user group. A user group is a definition within the security package (for example, RACF) that has a common set of users attached to it. Access to the DB2 tables is granted to the user group, and user authentication is performed at the group level. All users belonging to the group are allowed access. All users that are not part of the group are denied access.
The user who executes the upgrade must be a member of a qualified group. To grant this user tableowner privileges, the tableowner must be set up as a qualified group, and the DBA who executes DDLs must be a member of this qualified group. The group ID is the qualifier (for example, RACF group ID).
The Siebel installation process allows the installer to specify the group user name for client access (the default is SSEROLE), and the resulting installation scripts generate the appropriate GRANT statements. GRANT statements for additional security groups that may be required must be created manually.
NOTE: The GRANT statements must be executed by either the tableowner, a database administrator, or a system administrator.
The following privileges are necessary for the user who performs the upgrade:
- Read the DB2 catalog
- Execute stored procedures
- Bind stored procedures
Because each enterprise has specific needs, it is recommended that you discuss your particular situation with your Siebel technical resource.