Setting up required user IDs and permissions
Specific user IDs with sufficient permissions are required to install, configure, administer, and use SQL Tuning Services, Db2® for z/OS®, and other related components. You must allocate or create these user IDs before you start to install SQL Tuning Services.
Installing and configuring SQL Tuning Services and its related products requires several different user IDs that have specific privileges and permissions. These IDs are listed in the following table. The names in the user ID column are used throughout the installation and configuration documentation, but you can assign any names that you want to these IDs.
User ID | Description | Required privilege or permission |
---|---|---|
tms_setup_userid |
This ID is typically used by a system programmer to install, configure, and start SQL Tuning Services in UNIX System Services. |
|
db2_authid_R |
This user ID is used to access the Db2 for z/OS subsystem where the SQL Tuning Services repository database resides. |
The CREATEDBA privilege and the CREATEIN privilege on SCHEMA IBMTMS are required on the Db2 for z/OS subsystem where the SQL Tuning Services repository database will
reside:
Additionally, to use the extended tuning features, the |
tms_userid |
This user ID is used to log on to SQL Tuning Services. |
All SQL Tuning Services users need the following permissions:
Additionally, you need a
tms_userid that has permission to
execute the CANADMINISTER authentication UDF (by default, IBMTMS.CANADMINISTER).
This
user ID is considered to be an SQL Tuning Services
administrator and is responsible for the following tasks:
A user who does not have permission to execute the CANADMINISTER UDF can see only their jobs. |
db2_authid_T |
This user ID is a Db2 for z/OS authorization ID that's used to connect to the target Db2 for z/OS subsystem to run various tuning APIs. To run certain tuning APIs, the |
Use the DSN5RTTG sample job to grant all of the following privileges.
|
Example
Carol is an SQL Tuning Services administrator who
is who is responsible for creating the repository database, creating repository tables, granting
privileges to SQL Tuning Services users, managing all
tuning connections, and so on. To perform these adminstrative tasks, Carol needs a
tms_userid
ID with CANVIEW and CANADMINISTER privilege on the
SQL Tuning Services repository database.
The following figure illustrates the function of Carol's
tms_userid
ID.
- A
tms_userid
ID to log on to SQL Tuning Services. Because he is a user with no administrative responsibilities, Zhou'stms_userid
ID must have UDF CANVIEW privilege on the repository database. - A
db2_authid_T
ID to connect to the target Db2 subsystem. - Access to the functional
db2_authid_R
ID.
The following figure illustrates the function of the IDs that Zhou needs to use. In this figure, the repository database resides on its own subsystem, but it can also reside on the same subsystem as a target Db2 database.