Obtaining Required Security Privileges
For detailed information about security for DB2 for z/OS installations and upgrades, see Implementing Siebel Business Applications on DB2 for z/OS.
In Siebel CRM releases since 8.0.x, access privileges to database resources such as tables, views, and triggers are granted to a user group. A user group is a definition within the security package (for example, RACF) that has a common set of users attached to it. Access to the DB2 tables is granted to the user group, and user authentication is performed at the group level. All users belonging to the group are allowed access. All users who are not part of the group are denied access.
The user who executes the upgrade must be a member of a qualified group. To grant this user tableowner privileges, the tableowner must be set up as a qualified group, and the DBA who executes DDL must be a member of this qualified group. The group ID (for example, the RACF group ID) is the qualifier.
The Siebel installation process allows the installer to specify the group user name for client access (the default is SSEROLE), and the resulting installation scripts generate the appropriate GRANT statements. If additional security groups are required, you must create the GRANT statements for them manually.
The following privileges are necessary for the user who performs the upgrade:
- Read the DB2 catalog
- Execute stored procedures
- Bind stored procedures
Because each enterprise has specific requirements, it is recommended that you discuss your particular situation with your Siebel technical resource.
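Before the upgrade, the three privileges listed above can be checked against the DB2 for z/OS authorization catalog tables. The query below is an added example, not part of the Siebel documentation or the generated installation scripts. SIEBGRP is a placeholder for your qualified group ID, and the mapping of each bullet to a catalog table (SELECT on SYSIBM tables, EXECUTE on procedures, BIND on packages, BINDADD at system level) is an assumption to confirm with your DBA.

```sql
-- Added example: list the explicit grants that cover the three upgrade
-- privileges for one group ID. 'SIEBGRP' is a placeholder, not a Siebel default.
-- PUBLIC is included so that overly broad grants show up in the same report.

-- 1. Read the DB2 catalog: SELECT on SYSIBM catalog tables
SELECT 'CATALOG SELECT' AS PRIV,
       GRANTEE,
       STRIP(TCREATOR) || '.' || STRIP(TTNAME) AS OBJECT,
       SELECTAUTH AS AUTH            -- 'Y' = held, 'G' = held WITH GRANT OPTION
  FROM SYSIBM.SYSTABAUTH
 WHERE GRANTEE IN ('SIEBGRP', 'PUBLIC')
   AND TCREATOR = 'SYSIBM'
   AND SELECTAUTH IN ('Y', 'G')
UNION ALL
-- 2. Execute stored procedures: EXECUTE on routines of type 'P'
SELECT 'PROCEDURE EXECUTE',
       GRANTEE,
       STRIP(SCHEMA) || '.' || STRIP(SPECIFICNAME),
       EXECUTEAUTH
  FROM SYSIBM.SYSROUTINEAUTH
 WHERE GRANTEE IN ('SIEBGRP', 'PUBLIC')
   AND ROUTINETYPE = 'P'
   AND EXECUTEAUTH IN ('Y', 'G')
UNION ALL
-- 3a. Bind stored procedures: BIND on existing packages
SELECT 'PACKAGE BIND',
       GRANTEE,
       STRIP(COLLID) || '.' || STRIP(NAME),
       BINDAUTH
  FROM SYSIBM.SYSPACKAUTH
 WHERE GRANTEE IN ('SIEBGRP', 'PUBLIC')
   AND BINDAUTH IN ('Y', 'G')
UNION ALL
-- 3b. Bind stored procedures: BINDADD system privilege for new packages
SELECT 'BINDADD',
       GRANTEE,
       'SYSTEM',
       BINDADDAUTH
  FROM SYSIBM.SYSUSERAUTH
 WHERE GRANTEE IN ('SIEBGRP', 'PUBLIC')
   AND BINDADDAUTH IN ('Y', 'G')
ORDER BY 1, 3;
```

The query reports only explicit grants. Privileges held implicitly through object ownership or an administrative authority do not appear in these tables, so an empty result for one category does not by itself mean the privilege is missing.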