Updates to IBM InfoSphere Guardium S-TAP for DB2 on z/OS v8.1
Updates that apply to InfoSphere Guardium S-TAP for DB2 on z/OS v8.1 User's Guide (SC27-3638-0).
The updates are listed in chronological order.
Date of change: March 16, 2012
Topic: “Software requirements” p. 5
The minimum required z/OS version has been updated to to V1.10 in the “Software requirements“ topic on page 5 of the User's Guide:
Server and agent
- z/OS® Version 1 Release 10 or higher.
Date of change: March 16, 2012
Topic: “Audit SQL Collector Parameters” p. 111
Add the following parameter descriptions to the “Audit SQL Collector Parameters“ topic on page 111 of the User's Guide:
Default: Defaults to the user ID under which the started task will run.
Description: The AUTHID parameter defines the DB2® AUTHID that ADH uses when establishing a connection to DB2 during interval processing. If you are using RACF® on your DB2 system, this ID must be defined to RACF. The AUTHID specified needs to be authorized through the resident security package, such as RACF, to perform the functions needed for all processes done by the started task and the ASC monitoring subsystem. Such processes include connecting to each of the monitored DB2 SSIDs and performing file update activities against the ADH VSAM control file.
1. The ID specified in the startup parameter AUTHID must be a valid TSO user ID and not a RACF group name.
2. If the AUTHID parameter is defined in the RACF Started Procedures Table (ICHRIN03), it should not be used as a startup parameter. The Started Procedures Table (ICHRIN03) associates the names of started procedures with specific RACF user IDs and group names. It can also contain a generic entry that assigns a user ID or group name to any started task that does not have a matching entry in the table. However, it is recommended that you use the STARTED class for most cases rather than the started procedures table.
Where db2authid is the DB2 AUTHID that IBM InfoSphere uses when establishing a connection to DB2 during interval processing.
- If this ADH V8.1 CQR Master Address Space is already started, it is shared with other ADH V8.1 subsystems that are already using it.
- If this Master Address Space has not already been started, it will be started automatically.
Description: The MASTER_PROCNAME parameter enables users to specify the PROCNAME to be used for the Master Address Space. Specifying this parameter causes IBM InfoSphere to use the ADH 8.1 ADH Master Address Space with the same name.
where procname is the desired Master Address Space PROCNAME (character, 8 bytes).)
Date of change: January 27, 2012
Topic: “Creating IBM InfoSphere aliases”
This change was made in response to PMR: 38394
Add the following information to the “ Creating IBM InfoSphere aliases“ topic on page 22 of the User's Guide:
Explanation of ADHDDLS SAMPLIB member
The S-TAP server and agent use aliases when accessing Administration Repository objects. The use of aliases allows flexibility in configuring access control to the Repository objects. The aliases are created by the SAMPLIB member ADHDDLS.
When submitted, the ADHDDLS job creates aliases for the previously created Repository objects. The values used to create the Repository objects, and the user ID(s) used to execute the server and agent, determine the values to be used for #ADHUSERID in the ADHDDLS job.
The sample jobs supplied in SAMPLIB are provided for configuring the STAP server and agent in a variety of configurations. Specifically, the following instructions explain the usage of ADHDDLS for two common scenarios:
Scenario 1: Authorization Id = ‘STCUSER,’ Object Qualifier =’ SYSTOOLS’
If the default value of ‘SYSTOOLS’ is to be used for the Repository object qualifier, substitute ‘SYSTOOLS’ for #ADHUSERID when submitting the ADHDDLS job.
Scenario 2: Authorization Id = ‘STCUSER,’ Object Qualifier =’ STCUSER’
Submit ADHDDLS, substituting ‘STCUSER’ for #ADHUSERID. Specify ‘STCUSER’ for the <object-qualifier> in the server and agent configuration files.
Some installation sites may require the use of unique USERIDs for each of the server and agent tasks. Separate ADHUSERIDs can be configured for the server and agent with additional submissions of ADHDDLS and corresponding updates to the respective configuration files.