Required Authorizations
This topic lists the DB2 authorizations required to install and configure the Siebel database on DB2 for z/OS. It also lists the authorizations that are required for Siebel database accounts when implementing and using DB2 for z/OS.
DB2 Authorizations Required
Table 3 lists the authorizations that are necessary to implement Siebel Business Applications on DB2 for z/OS.
Table 3. DB2 Authorizations Required to Implement Siebel Business Applications
| Task | Authorization Required | Example |
|---|---|---|
| Alter a buffer pool. | SYSADM, SYSCTRL, SYSOPR | `ALTER BUFFERPOOL (BP32K1) VPSIZE(4000);` |
| Grant use of a buffer pool. | SYSADM, SYSCTRL | `GRANT USE OF BUFFERPOOL BP32K1 TO PUBLIC;` |
| Grant CREATEIN for triggers. | SYSADM, SYSCTRL | `GRANT CREATEIN ON SCHEMA SIEBTO;` |
| Create a storage group. | SYSADM, SYSCTRL, CREATESG | `CREATE STOGROUP SIEBEL VOLUMES('*') VCAT SIEBEL;` |
| Grant use of a storage group. | SYSADM, SYSCTRL | `GRANT USE OF STOGROUP SIEBEL TO PUBLIC;` |
| Grant CREATEDBA and DBADM authority. | SYSADM, SYSCTRL | `GRANT CREATEDBA TO SIEBTO;` |
| Create a database. | SYSADM, SYSCTRL, CREATEDBA, CREATEDBC | `SET CURRENT SQLID='SIEBTO'; CREATE DATABASE SIDB0001 CCSID ASCII BUFFERPOOL BP1;` |
| Alter a table space. | DBADM, SYSADM, SYSCTRL | `ALTER TABLESPACE D0010002.H0677000 BUFFERPOOL BP16K0;` |
| Create a table space. | SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETS | `SET CURRENT SQLID='SIEBTO'; CREATE TABLESPACE H1004000 IN SIDB1004 USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 BUFFERPOOL BP32K1 SEGSIZE 64 COMPRESS YES LOCKSIZE PAGE;` |
| Modify DB2 Connect package (if package already exists). | DBADM, SYSADM, BIND privilege on the package, ALTERIN privilege on the schema | `BIND c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE` |
| Add DB2 Connect package (if a package does not already exist). | DBADM, SYSADM, BINDADD privilege, and IMPLICIT_SCHEMA authority on the database if the schema name does not exist; CREATEIN privilege on the schema if the schema name of the package exists | `BIND c:\sqllib\bnd\@ddcsmvs.lst COLLECTION SIEBEL BLOCKING ALL DYNAMICRULES BIND OWNER SIEBTO QUALIFIER SIEBTO SQLERROR CONTINUE` |
| Alter a table. | DBADM, SYSADM, SYSCTRL | `ALTER TABLE SIEBTO.S_CONTACT ALTER COLUMN COMMENTS SET DATA TYPE VARCHAR (100);` |
| Create a table. | SYSADM, SYSCTRL, DBADM, DBCTRL, DBMAINT, CREATETAB | `SET CURRENT SQLID='SIEBTO'; CREATE TABLE S_SSA_ID (...) IN SIDB1932.H1932000;` |
| Alter an index. | DBADM, SYSADM, SYSCTRL | `ALTER INDEX SIEBTO.S_CONTACT_U1 BUFFERPOOL BP30;` |
| Create an index. | SYSADM, SYSCTRL, DBADM, DBCTRL | `SET CURRENT SQLID='SIEBTO'; CREATE UNIQUE INDEX S_SSA_ID_P1 ON S_SSA_ID(ROW_ID) USING STOGROUP SIEBEL PRIQTY 720 SECQTY 720 DEFINE NO CLOSE YES PCTFREE 17 BUFFERPOOL BP2;` |
| Grant CREATE or PACKADM for stored procedures. | SYSADM, SYSCTRL | `GRANT CREATE ON COLLECTION SIEBINST TO SIEBDBA;` |
| Grant BINDADD. | SYSADM, SYSCTRL | `GRANT BINDADD TO SIEBDBA;` |
| Grant SELECT on catalog tables. | SYSADM, SYSCTRL | `GRANT SELECT ON SYSIBM.SYSTABLES TO SIEBTO;` |
| Create user-defined functions. | SYSADM, DBADM | `CREATE FUNCTION SIEBEL.NEXTSEQ (INTEGER) RETURNS SYSIBM.INTEGER SPECIFIC SIEBEL.NEXTSEQ EXTERNAL NAME 'NEXTSEQ' LANGUAGE C PARAMETER STYLE DB2SQL NOT DETERMINISTIC FENCED RETURNS NULL ON NULL INPUT NO SQL NO EXTERNAL ACTION SCRATCHPAD 100 NO FINAL CALL DISALLOW PARALLEL NO DBINFO WLM ENVIRONMENT DB27WLM STAY RESIDENT NO PROGRAM TYPE SUB SECURITY DB2 INHERIT SPECIAL REGISTERS` |
Siebel Database Account Authorizations
Before installing and configuring the Siebel database, the DBA must create the following database accounts:
- Table owner (Siebel schema owner) account
  The table owner is the Siebel schema owner, that is, the user account assigned to the schema that owns the Siebel database objects. Privileges required for this account include database administration (DBADM) privileges.
- Siebel security group authorization account
  Specify a security group ID, for example, SSEROLE, for client access to the Siebel database. The security group ID is also referred to as the secondary authorization ID.
- Siebel administrator account
  The Siebel administrator account, for example, SADMIN, must be added as a member of the Siebel security group.
NOTE: The password assigned to the table owner and Siebel administrator accounts must not be the same as the user name specified for these accounts. To increase the security of your Siebel implementation, it is also recommended that you change the password of the Siebel administrator account regularly. For information on this task, see Siebel Security Guide.
Table 4 lists the authorizations that the database accounts created for Siebel Business Applications might need. Your enterprise might have unique role names that it assigns with the authorities listed in this table. Therefore, the role names in Table 4 are examples only.
Table 4. Authorizations Required by Siebel Database Accounts
| Action | ID or Group | Description | Example |
|---|---|---|---|
| Performing the following actions on Siebel tables: Delete, Insert, Select, Update | Siebel group ID (for example, SSEROLE group). | Table privileges are granted automatically during the installation of the Siebel database. | `GRANT ALL ON TABLE S_SSA_ID TO SSEROLE;` |
| Setting the current SQL ID | Schema qualifier group or individual ID, for example, SIEBTO. | This user owns the schema objects (created by the database administrator) that are used during the installation of Siebel CRM. | `SET CURRENT SQLID='SIEBTO';` |
| Performing server functions, such as: Runstats, Generate triggers | Siebel administrator group, for example, SADMIN. | This user is: a member of the generic user role; a member of the Resource Access Control Facility (RACF) group, or of another security package group, selected to act as administrator; a Siebel database administrator (SIEBDBA) | `RUNSTATS TABLESPACE D0010677.H0677000 TABLE(SIEBEL.S_CONTACT) FREQVAL COUNT 10`<br>`CREATE TRIGGER SIEBEL.PTH0477 NO CASCADE BEFORE INSERT ON SIEBEL.S_ASSET REFERENCING NEW AS N FOR EACH ROW MODE DB2SQL BEGIN ATOMIC SET N.PARTITION_COLUMN = RIGHT (N.ROW_ID, 2); END` |
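The following catalog queries are an added example, not part of the Siebel documentation. They show one way to review which of the authorities in Table 3 and Table 4 have actually been granted after installation. They assume the example IDs used on this page (SIEBTO, SIEBDBA, SADMIN, SSEROLE), the example buffer pool BP32K1 and storage group SIEBEL, and SELECT access to the DB2 for z/OS catalog tables named.

```sql
-- Added example: review granted authorities against Table 3 and Table 4.
-- SIEBTO, SIEBDBA, SADMIN and SSEROLE are the page's example IDs; substitute your own.
-- In the catalog *AUTH columns: blank = not held, 'Y' = held,
-- 'G' = held with the GRANT option.

-- 1. System authorities from Table 3 held by the Siebel IDs or by PUBLIC.
SELECT GRANTEE, GRANTOR, SYSADMAUTH, SYSCTRLAUTH, SYSOPRAUTH,
       BINDADDAUTH, CREATEDBAAUTH, CREATEDBCAUTH, CREATESGAUTH
  FROM SYSIBM.SYSUSERAUTH
 WHERE GRANTEE IN ('SIEBTO', 'SIEBDBA', 'SADMIN', 'SSEROLE', 'PUBLIC')
 ORDER BY GRANTEE;

-- 2. Database-level authorities (DBADM, DBCTRL, DBMAINT, CREATETAB,
--    CREATETS) and the databases they apply to.
SELECT GRANTEE, NAME, DBADMAUTH, DBCTRLAUTH, DBMAINTAUTH,
       CREATETABAUTH, CREATETSAUTH
  FROM SYSIBM.SYSDBAUTH
 WHERE GRANTEE IN ('SIEBTO', 'SIEBDBA', 'SADMIN', 'SSEROLE', 'PUBLIC')
 ORDER BY NAME, GRANTEE;

-- 3. USE privileges on buffer pools ('B') and storage groups ('S').
--    The Table 3 examples grant these to PUBLIC, so list every PUBLIC
--    grant plus all grantees on the page's example objects.
SELECT GRANTEE, OBTYPE, NAME, USEAUTH
  FROM SYSIBM.SYSRESAUTH
 WHERE OBTYPE IN ('B', 'S')
   AND (GRANTEE = 'PUBLIC' OR NAME IN ('BP32K1', 'SIEBEL'))
 ORDER BY OBTYPE, NAME, GRANTEE;

-- 4. Schema privileges on the table owner's schema (CREATEIN for triggers,
--    ALTERIN for rebinding the DB2 Connect packages).
SELECT GRANTEE, SCHEMANAME, CREATEINAUTH, ALTERINAUTH, DROPINAUTH
  FROM SYSIBM.SYSSCHEMAAUTH
 WHERE SCHEMANAME = 'SIEBTO'
 ORDER BY GRANTEE;

-- 5. Table privileges on Siebel tables held by any ID other than the
--    table owner and the security group named in Table 4.
SELECT GRANTEE, TTNAME, SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH,
       ALTERAUTH, INDEXAUTH
  FROM SYSIBM.SYSTABAUTH
 WHERE TCREATOR = 'SIEBTO'
   AND GRANTEE NOT IN ('SIEBTO', 'SSEROLE')
 ORDER BY GRANTEE, TTNAME;
```

Membership of the security group (the secondary authorization ID) is held in RACF or the equivalent security package, not in the DB2 catalog, so these queries show what has been granted to SSEROLE but not which users belong to it.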