How can I allow our DB2 administrators to be able to answer user questions on CA-ACF2 for DB2 resource violations?

Document ID : KB000024512
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

The DB2 administrators are not ACF2 administrators and have no ACF2 authority. How can they address questions from the DB2 users about access denials and DB2 resource rules?

 

Answer:

If you give the DB2 administrators the AUDIT privilege on their lids, they will be able to view the user lidrecs and the CA-ACF2 rules. If you don't want the DB2 administrators to view all CA-ACF2 rules, you can limit their scope so they can only list the D-class resource rules for CA-ACF2 for DB2. This would require a SCOPE record. If you do scope the DB2 administrators, you will have to remove AUDIT from the GSO OPTS INFOLIST and the GSO RULEOPTS DECOMP options. If AUDIT appears in the INFOLIST and DECOMP options, the administrator would be able to list any rule or INFOSTG record.