BIND SERVICE subcommand (DSN)
The BIND SERVICE (DSN) subcommand builds an application package that represents a Db2 REST service. Db2 records the description of the service in the catalog tables and saves the prepared package in the directory.
Environment for BIND SERVICE
You can issue BIND SERVICE from a DSN session under TSO that runs in the foreground or background.
Data sharing scope: Group
Authorization for BIND SERVICE
The package owner must have the required authorization, such as SYSADM or DATAACCESS authority, to execute the SQL statement embedded in a package and to build the package.
If BIND SERVICE is issued in a trusted context defined with the ROLE AS OBJECT OWNER clause, the package owner must be a role with the role ownership to execute the command. If the OWNER option of the command is specified, the owner will be assumed a role. If the OWNER option is not specified, the role of the binder becomes the owner. If the trusted context is not specified with the ROLE AS OBJECT OWNER clause, the current rules for BIND ownership apply.
For VALIDATE(BIND), Db2 verifies the authorization at bind time. For VALIDATE(RUN), Db2 verifies the authorization initially at bind time, but if the authorization check fails, Db2 rechecks it at run time. The following table summarizes the authorization required for running BIND SERVICE, depending on the bind options that you specify and, in the case of the ACTION (ADD) option, the value of the BIND NEW PACKAGE field on installation panel DSNTIPP1:
Bind option | Installation panel field BIND NEW PACKAGE (BINDNV subsystem parameter) | Authorization required to run BIND PACKAGE |
---|---|---|
ADD, using the default owner or primary authorization ID | BINDADD | The primary authorization ID or role must have one of the following to add a new package to a collection:
|
ADD, using the default owner or primary authorization ID | BIND | The primary authorization ID or role must have one of the following to add a new package to a collection:
|
ADD, specifying an OWNER other than the primary authorization ID1 | BINDADD |
If any of the authorization IDs or roles of the process has SYSADM authority, SYSCTRL authority, or system DBADM authority, OWNER authorization-id can be any value, when subsystem parameter SEPARATE_SECURITY is set to NO. If any of the authorization IDs has the BINDAGENT privilege granted from the owner, authorization-id can specify the grantor as OWNER. Otherwise, the OWNER authorization-id must be one of the primary or secondary authorization IDs of the binder. If you specify OWNER authorization-id , Db2 first checks the OWNER and then the binder for the necessary bind privilege. If the binder does not have SYSADM, SYSCTRL, or system DBADM authority, the authorization ID or role of the OWNER must have one of the following to add a new package to a collection:
|
ADD, specifying an OWNER other than the primary authorization ID1 | BIND |
If any of the authorization IDs or roles of the process has SYSADM authority, SYSCTRL authority, or system DBADM authority, OWNER authorization-id can be any value, when subsystem parameter SEPARATE_SECURITY is set to NO. If any of the authorization IDs has the BINDAGENT privilege granted from the owner, authorization-id can specify the grantor as OWNER. Otherwise, the OWNER authorization-id must be one of the primary or secondary authorization IDs of the binder. If you specify OWNER authorization-id , Db2 first checks the OWNER and then the binder for the necessary bind privilege. If the binder does not have SYSADM, SYSCTRL, or system DBADM authority, the authorization ID or role of the OWNER must have one of the following to add a new package to a collection:
|
Note:
|
Syntax for BIND SERVICE
- 1 The location name can only be specified when the COPY option is specified.
- 2 NOREOPT(VARS) can be specified as a synonym of REOPT(NONE)
- 3 REOPT(VARS) can be specified as a synonym of REOPT(ALWAYS)
Descriptions for BIND SERVICE
The collection-id, NAME(service-name), and VERSION(version-id) option values identify the complete name of the Db2 REST service to bind. The location-name value can only be specified when the COPY option is specified.
- location-name
-
The location of the DBMS where the Db2 REST service is bound and its description resides. The location name must be defined in the SYSIBM.LOCATIONS catalog table. If that table does not exist or if the DBMS is not in it, you receive an error message. See LOCATIONS catalog table.
The default is the local DBMS.
- collection-id
- Specifies the collection to contain the package for the REST service. The maximum length is 128 bytes. There is no default.
collection-id can be an ordinary or a delimited identifier. The delimiter for collection-id is double quotation marks (
"
). If collection-id is delimited, Db2 does not convert the value to uppercase.If the collection-id value for a REST service is a delimited identifier, it can contain these characters: uppercase letters (
A–Z
), lowercase letters (a–z
), numerals (0–9
), underscore (_
), at sign (@
), pound sign (#
), and dollar sign ($
). - NAME(service-name)
-
The name of the Db2 REST service to be bound. The maximum length of a Db2 rest service name is 128 bytes. There is no default.
The service-name can be an undelimited or a delimited identifier. The delimiter for service-name is double quotation marks ("). If service-name is delimited, Db2 does not convert the value to uppercase.
If the service-name value for a REST service is a delimited identifier, it can include these characters: uppercase letters (
A–Z
), lowercase letters (a–z
), numerals (0–9
), underscore (_
), at sign (@
), pound sign (#
), and dollar sign ($
).For more information, see NAME bind option.
- VERSION(version-id)
-
Defines the version identifier of the Db2 REST service. A version identifier is an SQL identifier of up to 64 characters, each of which is one of the following characters: uppercase letters (
A–Z
), lowercase letters (a–z
), numerals (0–9
), underscore (_
), at sign (@
), pound sign (#
), and dollar sign ($
).If you do not specify a version, the default version identifier used is determined based on whether REST service versioning support has been enabled or not. If REST service versioning support has been enabled, then "V1" is used as the default, otherwise, the empty string is used.
For more information, see VERSION bind option.
- Other options for BIND SERVICE
-
For descriptions of the other options shown in the syntax diagram, see BIND and REBIND options for packages, plans, and services.
Usage notes for BIND SERVICE
- Trace information for data sharing members
- When this command with group scope is issued in a Db2 data sharing member, it also runs on all other active members. IFICID 090 trace records for other group members can show that the same command was issued by the SYSOPR authorization ID from the 016.TLPKN5F correlation ID, in addition to the trace records from the member where the original command was issued. See Command scope in Db2 data sharing.