Bookshelf Home | Contents | Index | PDF     

Implementing Siebel Business Applications on DB2 UDB for z/OS > Security Concepts for z/OS > Data Transmission Security for Siebel Clients >

Granting SELECT Authority to Access the DB2 Catalog

Siebel Business Applications access the DB2 catalog to validate installation inputs.

To grant appropriate users access privileges to the DB2 catalog, the system administrator must grant SELECT authority on certain catalog tables to users of the Siebel database and to users of the installation or upgrade utility.

  • Siebel Database users (also known as privileged users who make changes to the Siebel database) require SELECT authority for SYSIBM.SYSTABLES.
  • Database Server installation or upgrade users require SELECT authority for the following tables:
    • SYSIBM.SYSAUXRELS
    • SYSIBM.SYSCOLUMNS
    • SYSIBM.SYSDATABASE
    • SYSIBM.SYSINDEXES
    • SYSIBM.SYSKEYS
    • SYSIBM.SYSROUTINES
    • SYSIBM.SYSSTOGROUP
    • SYSIBM.SYSTABLESPACE
    • SYSIBM.SYSTABLES
    • SYSIBM.SYSTABLEPART
    • SYSIBM.SYSTRIGGERS

To grant SELECT authority to access the DB2 Catalog

  • Use this command:

    GRANT AUTHORITY_TYPE ON TABLE TABLENAME TO USER;

    For example, to grant SELECT authority on the table SYSIBM.SYSTABLES to SSEROLE, use the following command:

    GRANT SELECT ON TABLE SYSIBM.SYSTABLES TO SSEROLE;

Granting UPDATE Authority to Update DB2 Catalog Statistics

To give appropriate users the authority to update catalog statistics using the loadstat.sql script, the system administrator must grant UPDATE authority to installation or upgrade users for the following tables:

  • SYSIBM.SYSCOLUMNS
  • SYSIBM.SYSINDEXES
  • SYSIBM.SYSINDEXSTATS
  • SYSIBM.SYSKEYS
  • SYSIBM.SYSTABLES
  • SYSIBM.SYSTABLESPACE
  • SYSIBM.SYSTABSTATS

The loadstat.sql script is located in the dbsrvr/db2390 directory, which is created during the database server installation. For information on using this script, see Loading Statistics.

NOTE:  Updating DB2 catalog statistics is optional.

Granting Authorization to Views in DB2 for z/OS v8

GRANT VIEW statements can fail on DB2 for z/OS v8 if you use an external security manager, such as RACF, to protect DB2 resources, and internal security authorizations are not also in place. Such failure may occur because—when a GRANT VIEW statement is issued on DB2 for z/OS v8—DB2 only carries out internal database security checks before giving authorization to the view. If an internal security mechanism defining privileges to views does not exist, because these privileges are defined using an external security manager, the GRANT VIEW statement fails.

This process does not occur on DB2 for z/OS v7 and is not carried out when GRANT statements for tables are issued.

Siebel Systems issues GRANT VIEW statements only in the ddlview.sql file; this contains the DDL to create the Siebel Schema.

    
Implementing Siebel Business Applications on DB2 UDB for z/OS