How to provide admin authorize in DDOL?

Document ID : KB000103475
Last Modified Date : 11/07/2018
Show Technical Document Details
Question:
 We have a couple of concern to provide the admin authority for the user who needs to make the data structure change in data dictionary.
1. How to locate the user ID -68K in Data dictionary?
2. How to get the display name of the user
3. Steps to authorize the user as admin Kindly provide the solution for the above concerns. 
Environment:
z/os, CA Datacom/DB 14.0 and higher
Answer:
There are different ways to locate the Userid and related name (entity_name).

1- Via SQL, Using DBSQLPR, the requests could be:
Select entity_name, userid from sysadm.person where status = 'P';
Select entity_name, userid from sysadm.person where status = 'P' and userid = '68K';

2- Via DDUTILTY report using SYSIN:
//SYSIN DD *
+USR DATACOM-INSTALL,NEWUSER
+RPT DETAIL,PERSON
/*
Report, among other fields, displays Userid and Name. Do a find in your report output for '68K' in userid column.

3- Via DDOL, CICS transaction.
  a- signon
  b- go to Authorize and enter password (like 'Datacom-Install', 'Newuser' and then 'Newuser' on the next screen when asked to provide password). 
  c- enter 1 - Maintain Person - option will list all the Name and userid. Scroll until you find ID '68K'

  It displays panel T41U. It also displays column 'Profile' ($DD-ADM, $DD-UPD....etc)
  You may enter $DD-ADM in front of userid '68K' to give that user the profile $DD-ADM. 
   $DD-ADM profile gives authority for managing (display,update) database structure.

  The following DDUTILTY SYSIN will display all userid having $DD-ADM profile:
   //SYSIN DD *
   -RPT RELAT,AUTHORIZATION,$DD-ADM(PROD)        
   -END                                          
   and replace $DD-ADM with any other profile you may want.
 
 
Additional Information:
- More can be found in docops:
https://docops.ca.com/ca-datacom/15-1/en/administrating/security-overview/ca-datacom-datadictionary-internal-security/ca-datacom-datadictionary-security-model/security-model-profiles-authorization-entity-occurrence

-In Batch it is done via DDUPDATE utility using card 1010.
 see https://comm.support.ca.com/kb/creating-caideal-users-in-batch/kb000028323   for more.

Other DDUPDATE examples:

Note that you can ADD or DELETE, so in order to change an existing profile for an existing person you must DELETE then ADD as shown below. 

See below also: 
-USR DATACOM-INSTALL,NEWUSER 
-ADD PERSON,userid 
1010 ADD profile 
1014 password 
-UPD PERSON,userid(001),PROD 
-END 
where "profile" is a valid Datadictionary profile (e.g. $DD-ADM). 

-USR DATACOM-INSTALL,NEWUSER 
-UPD PERSON,test person-occ(PROD) 
1010 DEL $DD-OLD-PROFILE 
1010 ADD $DD-NEW 
-END