I would like to protect db2 commands issued from a console
can I protect this with opercmd?
I tried using opercmd(#sto), and opercmd(mvs.#sto), I already have
But none of these rules are being picked up.
The only way to prevent the stopping of DB2 is by ensuring that the users who attempt to stop DB2 have either:
Note that when the commands are issued from the MVS console, it is only the issuers authority that is checked and not that of secondary auth IDs.
But there is no way to control the actual issuance of the command - only whether the command will be successful or not.
This is due to the fact that the commands issued to the console do not go through standard "MVS" operator command authorities as they are directly intercepted by the DB2 subsystem.
The above listed authorities are set within DB2.
So that means that CA Top Secret cannot be used to control who can stop DB2 - it is dependent on the operator's internal DB2 authority.