Implementing Siebel eBusiness Applications on DB2 UDB for z/OS and OS/390 > Security Concepts for z/OS and OS/390 > z/OS and OS/390 Security >

Using a Secondary Authorization ID

The use of a secondary authorization ID significantly reduces administrative tasks associated with database security. The administrator grants privileges only once to a secondary authorization ID rather than to each Siebel eBusiness Applications user.

NOTE:  During the Siebel Database Server installation, on the Installation and Configuration Screen, you will be prompted for a Security Group ID/Grantee. This is the same as a secondary authorization ID.

The Siebel installation process allows installers to specify a secondary authorization ID for client access with the default group of SSEROLE. The installation process generates the appropriate SQL grant statements for that group to allow INSERT, UPDATE, SELECT, and DELETE to application tables. Furthermore, that same group is specified in a SET CURRENT SQLID statement so that reuse of the statement cache is maximized. Therefore, it is important that the selected group be among the list of secondary authorization IDs for all users of the applications.

Grant statements for additional secondary authorization IDs. Secondary authorization IDs must be created separately. Siebel applications include the grantstat.sql script to generate grant statements to grant access to interface tables. For a discussion of the grantstat.sql script, see Granting Table Privileges.

The grant statements must be executed by either the table owner or by users with DBADM or SYSADM privileges.

To disable a grant, issue a revoke statement.