|
Implementing Siebel Business Applications on DB2 UDB for z/OS > Security Concepts for z/OS >
Required Authorizations
Table 4 lists the authorizations that are necessary in implementing Siebel Business Applications on DB2 for z/OS.
Table 4. DB2 Authorizations Required to Implement Siebel Business Applications
|
|
|
Alter a buffer pool. |
SYSADM, SYSCTRL, SYSOPR |
ALTER BUFFERPOOL (BP32K1) VPSIZE(4000); |
Grant use of a buffer pool. |
SYSADM, SYSCTRL |
GRANT USE OF BUFFERPOOL BP32K1 TO PUBLIC; |
Grant CREATEIN for triggers. |
SYSADM, SYSCTRL |
GRANT CREATEIN ON SCHEMA SIEBTO; |
Create a storage group. |
SYSADM, SYSCTRL |
CREATE STOGROUP SIEBEL VOLUMES('*') VCAT SIEBEL; |
Grant use of a storage group. |
SYSADM, SYSCTRL |
GRANT USE OF STOGROUP SIEBEL TO PUBLIC; |
Grant CREATEDBA and DBADM authority. |
SYSADM, SYSCTRL |
GRANT CREATEDBA TO SIEBTO; |
Create a database. |
SYSADM, SYSCTRL, CREATEDBA, CREATEDBC |
SET CURRENT SQLID='SIEBTO'; CREATE DATABASE SIDB0001 CCSID ASCII BUFFERPOOL BP1;
|
Alter a table space. |
DBADM, SYSADM, SYSCTRL |
ALTER TABLESPACE D0010002.H0677000 BUFFERPOOL BP16K0;
|
Create a table space. |
SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETS |
SET CURRENT SQLID='SIEBTO'; CREATE TABLESPACE H1004000 IN SIDB1004 USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 BUFFERPOOL BP32K1 SEGSIZE 64 COMPRESS YES LOCKSIZE PAGE;
|
Modify DB2 Connect package (if package already exists). |
DBADM, SYSADM, BIND privilege on the package, ALTERIN privilege on the schema |
BIND
c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE
|
Add DB2 Connect package (if a package does not already exist). |
DBADM, SYSADM, BINDADD privilege, and IMPLICIT_SCHEMA authority on the database if the schema name does not exist CREATIN privilege on the schema if the schema name of the package exists |
BIND
c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE
|
Alter a table. |
DBADM, SYSADM, SYSCTRL |
ALTER TABLE SIEBTO.S_CONTACT
ALTER COLUMN COMMENTS
SET DATA TYPE VARCHAR (100);
|
Create a table. |
SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETAB |
SET CURRENT SQLID='SIEBTO'; CREATE TABLE S_SSA_ID,(...)IN SIDB1932.H1932000;
|
Alter an index. |
DBADM, SYSADM, SYSCTRL |
ALTER INDEX SIEBTO.S_CONTACT_U1 BUFFERPOOL BP30;
|
Create an index. |
SYSADM, SYSCTRL, DBADM, DBCTRL |
SET CURRENT SQLID='SIEBTO';CREATE UNIQUE INDEX S_SSA_ID_P1 ON S_SSA_ID(ROW_ID)USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 DEFINE NO CLOSE YES PCTFREE 30 BUFFERPOOL BP2;
|
Grant CREATE or PACKADM for stored procedures. |
SYSADM, SYSCTRL |
GRANT CREATE ON COLLECTION SIEBINST TO SIEBDBA;
|
Grant BINDADD. |
SYSADM, SYSCTRL |
GRANT BINDADD TO SIEBDBA;
|
Grant SELECT on catalog tables. |
SYSADM, SYSCTRL |
GRANT SELECT ON SYSIBM.SYSTABLES TO SIEBTO;
|
Create User-Defined Functions |
SYSADMIN, DBADM |
CREATE FUNCTION SIEBEL.NEXTSEQ (INTEGER)
RETURNS SYSIBM.INTEGER
SPECIFIC SIEBEL.NEXTSEQ
EXTERNAL NAME 'NEXTSEQ'
LANGUAGE C
PARAMETER STYLE DB2SQL
NOT DETERMINISTIC
FENCED RETURNS NULL ON NULL INPUT
NO SQL
NO EXTERNAL ACTION
SCRATCHPAD 100
NO FINAL CALL
DISALLOW PARALLEL
NO DBINFO
WLM ENVIRONMENT DB27WLM
STAY RESIDENT NO
PROGRAM TYPE SUB
SECURITY DB2
INHERIT SPECIAL REGISTERS
|
Table 5 lists the authorizations that users of Siebel Business Applications might need. Your enterprise may have unique role names that it assigns with the authorities listed in this table. Therefore, the role names in Table 5 are examples only.
Table 5. Authorizations Needed by Siebel Application Users
|
|
|
|
Performing the following actions on Siebel tables:
- Delete
- Insert
- Select
- Update
|
Siebel group ID (for example, SSEROLE group) |
Table privileges granted automatically as part of installation |
GRANT ALL ON TABLE S_SSA_ID TO SSEROLE;
|
Setting the current SQL ID |
Schema qualifier group or individual ID |
Owns the schema objects (created by DBADM) that are used during the installation of the Siebel product |
SET CURRENT SQLID='SIEBTO';
|
Performing server functions, such as:
- Runstats
- Generate triggers
|
Siebel administrator group |
- Member of the generic user role
- Actual member of the RACF (or other security package) group, selected to act as administrator
SIEBDBA
|
RUNSTATS TABLESPACE D0010677.H0677000 TABLE(SIEBEL.S_CONTACT)FREQVAL COUNT 10
CREATE TRIGGER SIEBEL.PTH0477 NO CASCADE BEFORE INSERT ON SIEBEL.S_ASSET SET N.PARTITION_COLUMN = RIGHT (N.ROW_ID, 2); END |
NOTE: SSEROLE and SADMIN are Siebel defaults for the Siebel user group and the Siebel administrator. However, you can change these names to meet your organization's naming conventions.
|
