Bookshelf v7.7: Required Authorizations

Table 4 lists the authorizations that are required by a DB2 database administrator or system programmer to implement Siebel eBusiness Applications on DB2 UDB for z/OS and OS/390.

Table 4. Authorizations Needed by DB2 Database Administrators
Task	Authorization Required	Task Command Example
Alter a buffer pool.	SYSADM, SYSCTRL, SYSOPR	ALTER BUFFERPOOL (BP32K1) VPSIZE(4000);
Grant use of a buffer pool.	SYSADM, SYSCTRL	GRANT USE OF BUFFERPOOL BP32K1 TO PUBLIC;
Grant CREATEIN for triggers.	SYSADM, SYSCTRL	GRANT CREATEIN ON SCHEMA SIEBTO;
Create a storage group.	SYSADM, SYSCTRL	CREATE STOGROUP SIEBEL VOLUMES('*') VCAT SIEBEL;
Grant use of a storage group.	SYSADM, SYSCTRL	GRANT USE OF STOGROUP SIEBEL TO PUBLIC;
Grant CREATEDBA and DBADM authority.	SYSADM, SYSCTRL	GRANT CREATEDBA TO SIEBTO;
Create a database.	SYSADM, SYSCTRL, CREATEDBA, CREATEDBC	SET CURRENT SQLID='SIEBTO'; CREATE DATABASE SIDB0001 CCSID ASCII BUFFERPOOL BP1;
Alter a table space.	DBADM, SYSADM, SYSCTRL	ALTER TABLESPACE D0010002.H0677000 BUFFERPOOL BP16K0;
Create a table space.	SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETS	SET CURRENT SQLID='SIEBTO'; CREATE TABLESPACE H1004000 IN SIDB1004 USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 BUFFERPOOL BP32K1 SEGSIZE 64 COMPRESS YES LOCKSIZE PAGE;
Modify DB2 Connect package (if package already exists).	DBADM, SYSADM, BIND privilege on the package, ALTERIN privilege on the schema	BIND c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE
Add DB2 Connect package (if a package does not already exist).	DBADM, SYSADM, BINDADD privilege, and IMPLICIT_SCHEMA authority on the database if the schema name does not exist CREATIN privilege on the schema if the schema name of the package exists	BIND c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE
Alter a table.	DBADM, SYSADM, SYSCTRL	ALTER TABLE SIEBTO.S_CONTACT ALTER COLUMN COMMENTS SET DATA TYPE VARCHAR (100);
Create a table.	SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETAB	SET CURRENT SQLID='SIEBTO'; CREATE TABLE S_SSA_ID,(...)IN SIDB1932.H1932000;
Alter an index.	DBADM, SYSADM, SYSCTRL	ALTER INDEX SIEBTO.S_CONTACT_U1 BUFFERPOOL BP30;
Create an index.	SYSADM, SYSCTRL, DBADM, DBCTRL	SET CURRENT SQLID='SIEBTO';CREATE UNIQUE INDEX S_SSA_ID_P1 ON S_SSA_ID(ROW_ID)USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 DEFINE NO CLOSE YES PCTFREE 30 BUFFERPOOL BP2;
Grant CREATE or PACKADM for stored procedures.	SYSADM, SYSCTRL	GRANT CREATE ON COLLECTION SIEBINST TO SIEBDBA;
Grant BINDADD.	SYSADM, SYSCTRL	GRANT BINDADD TO SIEBDBA;
Grant SELECT on catalog tables.	SYSADM, SYSCTRL	GRANT SELECT ON SYSIBM.SYSTABLES TO SIEBTO;

Table 5 lists authorizations that might be needed by users of Siebel eBusiness Applications. Your enterprise might have unique role names it assigns with the authorities listed below. Therefore, the sample role names are offered as examples only.

Table 5. Authorizations Needed by Siebel Application Users
Task	Role	Authorization Required	Task Command Example
Performing the following actions on Siebel tables: Delete Insert Select Update	Siebel group ID (for example, SSEROLE group)	Table privileges granted automatically as part of installation	`GRANT ALL ON TABLE S_SSA_ID TO SSEROLE;`
Setting the current SQL ID	Schema qualifier group or individual ID	Owns the schema objects (created by DBADM) that will be used during the installation of the Siebel product	`SET CURRENT SQLID='SIEBTO';`
Performing server functions such as: Runstats Generate triggers	Siebel administrator group	Member of the generic user role Actual member of the RACF (or other security package) group, selected to act as administrator	`SIEBDBA`