DB2 z/OS - Recover Authorization

Glen Sanderson

DB2 z/OS - Recover Authorization
Would any of you know whether DB2's security has changed recently, with
RACF security now being involved during recovery utilities? I don't
remember ever having a RACF related error during a recovery, but find it
hard to believe that I would have had RACF access to all datasets
involved in recoveries over the years. The DB2 V8 Utility Guide doesn't
mention anything about RACF security, in the 'Authorities Required'
section.



Recover TOCOPY xxxxx gives a security violation

Recover TOLASTCOPY does not



Is this always true?


"MMS <safeway.com>" made the following annotations.
------------------------------------------------------------------------------
Warning:
All e-mail sent to this address will be received by the Safeway corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain information proprietary to Safeway and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately.

======

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at http://www.idugdb2-l.org. The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Ivan L

Re: DB2 z/OS - Recover Authorization
(in response to Glen Sanderson)

Can you post the racf error?


________________________________

De: DB2 Data Base Discussion List [mailto:[login to unmask email] En nombre
de Glen Sanderson
Enviado el: jueves, 11 de enero de 2007 21:48
Para: [login to unmask email]
Asunto: [DB2-L] DB2 z/OS - Recover Authorization



Would any of you know whether DB2's security has changed recently, with
RACF security now being involved during recovery utilities? I don't
remember ever having a RACF related error during a recovery, but find it
hard to believe that I would have had RACF access to all datasets
involved in recoveries over the years. The DB2 V8 Utility Guide doesn't
mention anything about RACF security, in the 'Authorities Required'
section.



Recover TOCOPY xxxxx gives a security violation

Recover TOLASTCOPY does not



Is this always true?

"MMS <safeway.com>" made the following annotations.
------------------------------------------------------------------------
------
Warning:
All e-mail sent to this address will be received by the Safeway
corporate e-mail system, and is subject to archival and review by
someone other than the recipient. This e-mail may contain information
proprietary to Safeway and is intended only for the use of the intended
recipient(s). If the reader of this message is not the intended
recipient(s), you are notified that you have received this message in
error and that any review, dissemination, distribution or copying of
this message is strictly prohibited. If you have received this message
in error, please notify the sender immediately.


======


------------------------------------------------------------------------
--------- Welcome to the IDUG DB2-L list. To unsubscribe, go to the
archives and home page at http://www.idugdb2-l.org/archives/db2-l.html.
From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at
http://www.idugdb2-l.org. The IDUG List Admins can be reached at
[login to unmask email] Find out the latest on IDUG conferences
at http://conferences.idug.org/index.cfm


Banco de España - Aviso legal

Este mensaje, su contenido y cualquier fichero transmitido
con él está dirigido únicamente a su destinatario y es
confidencial. Por ello, se informa a quien lo reciba por error o
tenga conocimiento del mismo sin ser su destinatario, que la
información contenida en él es reservada y su uso no
autorizado, por lo que en tal caso le rogamos nos lo comunique
por la misma vía o por teléfono (+ 34 91 338 66 66), así como
que se abstenga de reproducir el mensaje mediante cualquier
medio o remitirlo o entregarlo a otra persona, procediendo a su
borrado de manera inmediata.

El Banco de España se reserva las acciones legales que le
correspondan contra todo tercero que acceda de forma
ilegítima al contenido de cualquier mensaje externo procedente
del mismo.

Para informacion y consultas visite nuestra web
http://www.bde.es


Banco de España - Disclaimer
This message, its content and any file attached thereto is for
the intended recipient only and is confidential. If you have
received this e-mail in error or had access to it, you should
note that the information in it is private and any use thereof
is unauthorised. In such an event please notify us by e-mail or
by telephone (+ 34 91 338 66 66). Any reproduction of this
e-mail by whatsoever means and any transmission or dissemination
thereof to other persons is prohibited. It should be deleted
immediately from your system.

The Banco de España reserves the right to take legal action
against any persons unlawfully gaining access to the content of
any external message it has emitted.

For additional information, please visit our website
http://www.bde.es

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at http://www.idugdb2-l.org. The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm

Richard Humphris

Re: DB2 z/OS - Recover Authorization
(in response to Ivan L)

We don't have RACF (we use ACF2), so take the following with a grain of
salt.

I'd think the datasets involved in recoveries are being validated
against the DB2XDBM1 address space (as it would be allocating, opening
and closing the actual datasets involved in the recovery).

However, I suspect DB2 is also asking RACF if you are allowed to issue
the recovery command in the first place. And this check would be
against the user who is trying to initiate the recovery.

Richard Humphris
Business: 312-822-5193
Text Pager: 877-814-2246
To send short email to pager... send email to:
[login to unmask email]




________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email]
On Behalf Of Glen Sanderson
Sent: Thursday, January 11, 2007 2:48 PM
To: [login to unmask email]
Subject: [DB2-L] DB2 z/OS - Recover Authorization



Would any of you know whether DB2's security has changed
recently, with RACF security now being involved during recovery
utilities? I don't remember ever having a RACF related error during a
recovery, but find it hard to believe that I would have had RACF access
to all datasets involved in recoveries over the years. The DB2 V8
Utility Guide doesn't mention anything about RACF security, in the
'Authorities Required' section.



Recover TOCOPY xxxxx gives a security violation

Recover TOLASTCOPY does not



Is this always true?

"MMS <safeway.com>" made the following annotations.

------------------------------------------------------------------------
------
Warning:
All e-mail sent to this address will be received by the Safeway
corporate e-mail system, and is subject to archival and review by
someone other than the recipient. This e-mail may contain information
proprietary to Safeway and is intended only for the use of the intended
recipient(s). If the reader of this message is not the intended
recipient(s), you are notified that you have received this message in
error and that any review, dissemination, distribution or copying of
this message is strictly prohibited. If you have received this message
in error, please notify the sender immediately.



======



------------------------------------------------------------------------
--------- Welcome to the IDUG DB2-L list. To unsubscribe, go to the
archives and home page at http://www.idugdb2-l.org/archives/db2-l.html.
From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at
http://www.idugdb2-l.org. The IDUG List Admins can be reached at
[login to unmask email] Find out the latest on IDUG conferences
at http://conferences.idug.org/index.cfm



E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the
addressee(s) and may contain confidential and/or legally privileged information. If you are not the
intended recipient of this message or if this message has been addressed to you in error, please
immediately alert the sender by reply e-mail and then delete this message and any attachments. If you
are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or
storage of this message or any attachment is strictly prohibited.

---------------------------------------------------------------------------------
Welcome to the IDUG DB2-L list. To unsubscribe, go to the archives and home page at http://www.idugdb2-l.org/archives/db2-l.html. From that page select "Join or Leave the list". The IDUG DB2-L FAQ is at http://www.idugdb2-l.org. The IDUG List Admins can be reached at [login to unmask email] Find out the latest on IDUG conferences at http://conferences.idug.org/index.cfm