Replication Guide and Reference

Authorization requirements for running the Capture and Apply programs

This section describes the commands available for granting and revoking authority to the replication control tables: Granting authority and Revoking authority.

Granting authority

The Grant DPR Authority (GRTDPRAUT) command authorizes a list of users to the replication control tables, so that the users can run the Capture and Apply programs. The GRTDPRAUT command compensates for the different authority requirements for DPROPR/400. For example, the authority requirements for the user who is running the Capture and Apply programs might differ from the authority requirements for the user who defines replication sources and targets.

You must have *ALLOBJ authority to grant authorities.

>>-GRTDPRAUT---USER(--+---user-name---+---)--------------------->
                      '-*PUBLIC-------'
 
                                          .-1--.
>----AUT(--+-*REGISTRAR--+---)---DPRVSN(--+-5--+---)------------>
           +-*SUBSCRIBER-+
           +-*CAPTURE----+
           '-*APPLY------'
 
               .-*ALL------------.
>----APYQUAL(--+-*USER-----------+---)-------------------------><
               '-apply-qualifier-'

Table 14. GRTDPRAUT Command Parameter Definitions for AS/400

Parameter Definition and Prompts
USER Specifies the users who have authority.

user-name
Specifies the names of up to 50 users who have authority.
*PUBLIC
Specifies that *PUBLIC authority is granted to the file, but (if insufficient for the task) is used only for those users who have no specific authority, who are not on the authorization list associated with the file, and whose group profile does not have any authority.

AUT Specifies the type of DPROPR/400 authority being granted.

*REGISTRAR (default)
Specifies that the users are granted the authorities to define, change, and remove subscription sets.
For a complete list of authorities with AUT(*REGISTRAR), see Table 15.
*SUBSCRIBER
Specifies that the users are granted authority to define, change, and remove subscription sets.
For a complete list of authorities with AUT(*SUBSCRIBER), see Table 16.
*CAPTURE
Specifies that the users are granted authority to run the Capture program.
For a complete list of authorities granted with AUT(*CAPTURE), see Table 17.
*APPLY
Specifies that the users are granted authority to run the Apply program.
The command does not grant authority to any of the objects that reside on other databases accessed by the Apply program.
When an Apply process is invoked, the user associated with the DRDA application server job must also be granted *APPLY authority. If the source is an AS/400 server, the GRTDPRAUT command should be run on the source server system, with the application server job user specified on the USER parameter and the Apply qualifier specified on the APYQUAL parameter.
Authorities are not granted to the target tables unless the target server is the same as the control server and both reside on the system where the command is run.
For a complete list of authorities granted with AUT(*APPLY), see Table 18.

DPRVSN Specifies the version of DPROPR/400. You can specify one or both of the version levels.

1 (default)
Specifies Version 1 of DPROPR/400.
5
Specifies Version 5 of DPROPR/400.

APYQUAL Specifies the Apply qualifier to be used by the user specified with the USER parameter. This parameter is used only when AUT(*APPLY) or AUT(*SUBSCRIBER) is specified.

*ALL (default)
Specifies that the user is granted authority to run the Apply program or to define and remove subscriptions for all Apply qualifiers.
*USER
Specifies that the users specified on the USER parameter are granted authority to subscriptions with an Apply qualifier that is the same as the user name.
apply-qualifier
Specifies that the user is granted authority to run the Apply program or define and remove subscriptions for the Apply qualifiers associated with this Apply qualifier.

The user is granted authority to all replication sources, CD tables, and CCD tables associated with records in the pruning control table that have a value in the APPLY_QUAL column matching the value input with the APYQUAL parameter.
The user is granted authority to the subscriptions listed in the subscription-targets-member table that reside on this system.

Parameter	Definition and Prompts
USER	Specifies the users who have authority. `user-name` Specifies the names of up to 50 users who have authority. PUBLIC Specifies that PUBLIC authority is granted to the file, but (if insufficient for the task) is used only for those users who have no specific authority, who are not on the authorization list associated with the file, and whose group profile does not have any authority.
AUT	Specifies the type of DPROPR/400 authority being granted. REGISTRAR (default) Specifies that the users are granted the authorities to define, change, and remove subscription sets. For a complete list of authorities with AUT(REGISTRAR), see Table 15. SUBSCRIBER Specifies that the users are granted authority to define, change, and remove subscription sets. For a complete list of authorities with AUT(SUBSCRIBER), see Table 16. CAPTURE Specifies that the users are granted authority to run the Capture program. For a complete list of authorities granted with AUT(CAPTURE), see Table 17. APPLY Specifies that the users are granted authority to run the Apply program. The command does not grant authority to any of the objects that reside on other databases accessed by the Apply program. When an Apply process is invoked, the user associated with the DRDA application server job must also be granted APPLY authority. If the source is an AS/400 server, the GRTDPRAUT command should be run on the source server system, with the application server job user specified on the USER parameter and the Apply qualifier specified on the APYQUAL parameter. Authorities are not granted to the target tables unless the target server is the same as the control server and both reside on the system where the command is run. For a complete list of authorities granted with AUT(*APPLY), see Table 18.
DPRVSN	Specifies the version of DPROPR/400. You can specify one or both of the version levels. 1 (default) Specifies Version 1 of DPROPR/400. 5 Specifies Version 5 of DPROPR/400.
APYQUAL	Specifies the Apply qualifier to be used by the user specified with the USER parameter. This parameter is used only when AUT(APPLY) or AUT(SUBSCRIBER) is specified. ALL (default) Specifies that the user is granted authority to run the Apply program or to define and remove subscriptions for all* Apply qualifiers. *USER Specifies that the users specified on the USER parameter are granted authority to subscriptions with an Apply qualifier that is the same as the user name. `apply-qualifier` Specifies that the user is granted authority to run the Apply program or define and remove subscriptions for the Apply qualifiers associated with this Apply qualifier. The user is granted authority to all replication sources, CD tables, and CCD tables associated with records in the pruning control table that have a value in the APPLY_QUAL column matching the value input with the APYQUAL parameter. The user is granted authority to the subscriptions listed in the subscription-targets-member table that reside on this system.

You cannot use the GRTDPRAUT command while the Capture or Apply programs are running, or when applications that use the source tables are active because authorizations cannot be changed on files that are in use.

Examples

Example 1: To authorize user USER1 to define and modify replication sources:

GRTDPRAUT USER(USER1) AUT(*REGISTRAR) DPRVSN(5)

Example 2: To authorize user USER1 to define and modify subscriptions:

GRTDPRAUT USER(USER1) AUT(*SUBSCRIBER) DPRVSN(5)

Example 3: To authorize user USER1 to define and modify existing subscriptions associated with Apply qualifier A1:

GRTDPRAUT USER(USER1) AUT(*SUBSCRIBER) DPRVSN(5) APYQUAL(A1)

Example 4: To authorize a user to run the Apply program on the control server system for all subscriptions associated with Apply qualifier A1, where the target server is the same as the control server:

Run the following command on the system where the Apply program will run:
```
GRTDPRAUT USER(USER1) AUT(*APPLY) DPRVSN(5) APYQUAL(A1)
```
If the application server job on the source server used by the Apply program runs under user profile USER1, run the following command on the source server systems:
```
GRTDPRAUT USER(USER1) AUT(*APPLY) DPRVSN(5) APYQUAL(A1)
```
If the application server job on the source server used by the Apply program runs under a different user profile; for example, QUSER, the command is:
```
GRTDPRAUT USER(QUSER) AUT(*APPLY) DPRVSN(5) APYQUAL(A1)
```

The levels of authority

The following tables list the authorities granted when you specify:

AUT(*REGISTRAR)
AUT*(SUBSCRIBER)
AUT(*CAPTURE)
AUT(*APPLY)

on the GRTDPRAUT command.

The following table lists the authorities granted when you specify the AUT(*REGISTRAR) parameter on the GRTDPRAUT command:

Table 15. Authorities granted with GRTDPRAUT AUT(*REGISTRAR)

Library Object Type Version Authorizations
QSYS ASN *LIB 1 5 *USE, *ADD
ASN QSQJRN *JRN 1 5 *OBJOPR, *OBJMGT
ASN IBMSNAP_REGISTER *FILE 5 *OBJOPR, *READ, *ADD, *UPD, *DLT
ASN IBMSNAP_REGISTERX *FILE 5 *OBJOPR, *READ, *ADD, *UPD, *DLT
ASN IBMSNAP_REG_EXT *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *ADD, *UPD, *DLT
ASN IBMSNAP_REG_EXTX *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *ADD, *UPD, *DLT
ASN IBMSNAP_UOW *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *ADD *DLT
ASN IBMSNAP_UOW_IDX *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *ADD, *DLT
ASN IBMSNAP_PRUNCNTL *FILE 5 *OBJOPR, *READ
ASN IBMSNAP_CCPPARMS *FILE 1 5 *OBJOPR, *READ, *UPD
ASN QZSNCTLBLK *USRSPC 1 5 *CHANGE
ASN ASN4B* *SQLPKG 5 *USE
ASN ASN4C* *SQLPKG 5 *USE
QSYS Source library *LIB 1 5 *USE
Source library Source table *FILE 1 5 *OBJOPR, *READ
QSYS Control library *LIB 1 5 *USE, *ADD
Control library CDtimestamp - CD table *FILE 5 *USE, *OBJMGT, *OBJEXIST

Library	Object	Type	Version	Authorizations
QSYS	ASN	*LIB	1 5	USE, ADD
ASN	QSQJRN	*JRN	1 5	OBJOPR, OBJMGT
ASN	IBMSNAP_REGISTER	*FILE	5	OBJOPR, READ, ADD, UPD, *DLT
ASN	IBMSNAP_REGISTERX	*FILE	5	OBJOPR, READ, ADD, UPD, *DLT
ASN	IBMSNAP_REG_EXT	*FILE	1 5	OBJOPR, OBJMGT, READ, ADD, UPD, DLT
ASN	IBMSNAP_REG_EXTX	*FILE	1 5	OBJOPR, OBJMGT, READ, ADD, UPD, DLT
ASN	IBMSNAP_UOW	*FILE	1 5	OBJOPR, OBJMGT, READ, ADD *DLT
ASN	IBMSNAP_UOW_IDX	*FILE	1 5	OBJOPR, OBJMGT, READ, ADD, *DLT
ASN	IBMSNAP_PRUNCNTL	*FILE	5	OBJOPR, READ
ASN	IBMSNAP_CCPPARMS	*FILE	1 5	OBJOPR, READ, *UPD
ASN	QZSNCTLBLK	*USRSPC	1 5	*CHANGE
ASN	ASN4B*	*SQLPKG	5	*USE
ASN	ASN4C*	*SQLPKG	5	*USE
QSYS	Source library	*LIB	1 5	*USE
Source library	Source table	*FILE	1 5	OBJOPR, READ
QSYS	Control library	*LIB	1 5	USE, ADD
Control library	CDtimestamp - CD table	*FILE	5	USE, OBJMGT, *OBJEXIST

The following table lists the authorities granted when you specify the AUT(*SUBSCRIBER) parameter on the GRTDPRAUT command:

Table 16. Authorities granted with GRTDPRAUT AUT(*SUBSCRIBER)

Library Object Type Version Authorizations
QSYS ASN *LIB 5 *USE, *ADD
QSYS IBMSNAP_SUBS_SET *FILE 5 *CHANGE
ASN IBMSNAP_APPLYTRAIL *FILE 5 *CHANGE
ASN IBMSNAP_SUBS_COL *FILE 5 *CHANGE
ASN IBMSNAP_SUBS_EVENT *FILE 5 *CHANGE
ASN IBMSNAP_SUBS_STMTS *FILE 5 *CHANGE
ASN IBMSNAP_SUBS_MEMBR *FILE 5 *CHANGE
ASN IBMSNAP_REGISTER *FILE 5 *USE, *UPD
ASN IBMSNAP_REG_EXT *FILE 1 5 *USE, *UPD
ASN IBMSNAP_PRUNCNTL *FILE 5 *USE, *ADD, *DLT
ASN ASN4U* *SQLPKG 5 *USE
ASN ASN4A* *SQLPKG 5 *USE
QSYS Source library *LIB 1 5 *USE
Source library Source table *FILE 1 5 *OBJOPR, *READ
QSYS Control library *LIB 5 *USE
Control library ASNtimestampPC - pruning control table *LIB 5 *USE
Control library CD table *FILE 1 5 *OBJOPR, *READ
Control library Internal CCD table *FILE 1 5 *OBJOPR, *READ
QSYS Target library *LIB 5 *USE, *ADD
Target library Target table *FILE 5 *USE, *OBJMGT, *OBJEXIST

Library	Object	Type	Version	Authorizations
QSYS	ASN	*LIB	5	USE, ADD
QSYS	IBMSNAP_SUBS_SET	*FILE	5	*CHANGE
ASN	IBMSNAP_APPLYTRAIL	*FILE	5	*CHANGE
ASN	IBMSNAP_SUBS_COL	*FILE	5	*CHANGE
ASN	IBMSNAP_SUBS_EVENT	*FILE	5	*CHANGE
ASN	IBMSNAP_SUBS_STMTS	*FILE	5	*CHANGE
ASN	IBMSNAP_SUBS_MEMBR	*FILE	5	*CHANGE
ASN	IBMSNAP_REGISTER	*FILE	5	USE, UPD
ASN	IBMSNAP_REG_EXT	*FILE	1 5	USE, UPD
ASN	IBMSNAP_PRUNCNTL	*FILE	5	USE, ADD, *DLT
ASN	ASN4U*	*SQLPKG	5	*USE
ASN	ASN4A*	*SQLPKG	5	*USE
QSYS	Source library	*LIB	1 5	*USE
Source library	Source table	*FILE	1 5	OBJOPR, READ
QSYS	Control library	*LIB	5	*USE
Control library	ASNtimestampPC - pruning control table	*LIB	5	*USE
Control library	CD table	*FILE	1 5	OBJOPR, READ
Control library	Internal CCD table	*FILE	1 5	OBJOPR, READ
QSYS	Target library	*LIB	5	USE, ADD
Target library	Target table	*FILE	5	USE, OBJMGT, *OBJEXIST

The following table lists the authorities granted when you specify the AUT(*CAPTURE) parameter on the GRTDPRAUT command:

Table 17. Authorities granted with GRTDPRAUT AUT(*CAPTURE)

Library Object Type Version Authorizations
QSYS ASN *LIB 1 5 *USE, *OBJMGT
ASN IBMSNAP_REGISTER *FILE 1 5 *USE, *UPD
ASN IBMSNAP_REG_EXT *FILE 1 5 *USE, *UPD
QSYS Control library *LIB 1 5 *USE
Control library CD table *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *UPD, *DLT, *ADD
Control library CD table *FILE 1 5 *OBJOPR, *OBJMGT, *READ, *UPD, *DLT, *ADD
ASN IBMSNAP_PRUNCNTL *FILE 5 *USE, *UPD
ASN IBMSNAP_CRITSEC *FILE 5 *USE
ASN IBMSNAP_CCPPARMS *FILE 1 5 *USE
ASN IBMSNAP_UOW *FILE 1 5 *CHANGE
ASN IBMSNAP_TRACE *FILE 5 *CHANGE
ASN IBMSNAP_WARM_START *FILE 5 *CHANGE
ASN IBMSNAP_AUTHTKN *FILE 5 *CHANGE
ASN QZSBCTKBLK *USRSPC 1 5 *CHANGE
ASN ASNB* SQLPKG 5 *USE
ASN ASNC* SQLPKG 5 *USE

Library	Object	Type	Version	Authorizations
QSYS	ASN	*LIB	1 5	USE, OBJMGT
ASN	IBMSNAP_REGISTER	*FILE	1 5	USE, UPD
ASN	IBMSNAP_REG_EXT	*FILE	1 5	USE, UPD
QSYS	Control library	*LIB	1 5	*USE
Control library	CD table	*FILE	1 5	OBJOPR, OBJMGT, READ, UPD, DLT, ADD
Control library	CD table	*FILE	1 5	OBJOPR, OBJMGT, READ, UPD, DLT, ADD
ASN	IBMSNAP_PRUNCNTL	*FILE	5	USE, UPD
ASN	IBMSNAP_CRITSEC	*FILE	5	*USE
ASN	IBMSNAP_CCPPARMS	*FILE	1 5	*USE
ASN	IBMSNAP_UOW	*FILE	1 5	*CHANGE
ASN	IBMSNAP_TRACE	*FILE	5	*CHANGE
ASN	IBMSNAP_WARM_START	*FILE	5	*CHANGE
ASN	IBMSNAP_AUTHTKN	*FILE	5	*CHANGE
ASN	QZSBCTKBLK	*USRSPC	1 5	*CHANGE
ASN	ASNB*	SQLPKG	5	*USE
ASN	ASNC*	SQLPKG	5	*USE

The following table lists the authorities granted when you specify the AUT(*APPLY) parameter on the GRTDPRAUT command:

Table 18. Authorities granted with GRTDPRAUT AUT(*APPLY)

Library Object Type Version Authorizations
QSYS ASN *LIB 1 5 *USE
ASN IBMSNAP_SUBS_SET *FILE 5 *CHANGE
ASN IBMSNAP_APPLYTRAIL *FILE 5 *CHANGE
ASN IBMSNAP_SUBS_COLS *FILE 5 *USE
ASN IBMSNAP_SUBS_EVENT *FILE 5 *USE
ASN IBMSNAP_SUBS_STMTS *FILE 5 *USE
ASN IBMSNAP_SUBS_MEMBR *FILE 5 *USE
ASN ASNA* *SQLPKG 5 *USE
ASN ASNU* *SQLPKG 5 *USE
ASN IBMSNAP_REGISTER *FILE 5 *USE, *UPD
ASN IBMSNAP_REG_EXT *FILE 1 5 *USE, *UPD
ASN IBMSNAP_UOW *FILE 1 5 *USE, *UPD
ASN IBMSNAP_PRUNCNTL *FILE 5 *USE, *UPD, *ADD
ASN IBMSNAP_CRITSEC *FILE 5 *USE, *ADD
ASN IBMSNAP_AUTHTKN *FILE 5 *USE, *ADD
QSYS Control library *LIB 1 5 *USE
Control library CD table *FILE 1 5 *USE
QSYS Target library *LIB 5 *USE
Target library Target table *FILE 5 *CHANGE, *OBJMGT

Library	Object	Type	Version	Authorizations
QSYS	ASN	*LIB	1 5	*USE
ASN	IBMSNAP_SUBS_SET	*FILE	5	*CHANGE
ASN	IBMSNAP_APPLYTRAIL	*FILE	5	*CHANGE
ASN	IBMSNAP_SUBS_COLS	*FILE	5	*USE
ASN	IBMSNAP_SUBS_EVENT	*FILE	5	*USE
ASN	IBMSNAP_SUBS_STMTS	*FILE	5	*USE
ASN	IBMSNAP_SUBS_MEMBR	*FILE	5	*USE
ASN	ASNA*	*SQLPKG	5	*USE
ASN	ASNU*	*SQLPKG	5	*USE
ASN	IBMSNAP_REGISTER	*FILE	5	USE, UPD
ASN	IBMSNAP_REG_EXT	*FILE	1 5	USE, UPD
ASN	IBMSNAP_UOW	*FILE	1 5	USE, UPD
ASN	IBMSNAP_PRUNCNTL	*FILE	5	USE, UPD, *ADD
ASN	IBMSNAP_CRITSEC	*FILE	5	USE, ADD
ASN	IBMSNAP_AUTHTKN	*FILE	5	USE, ADD
QSYS	Control library	*LIB	1 5	*USE
Control library	CD table	*FILE	1 5	*USE
QSYS	Target library	*LIB	5	*USE
Target library	Target table	*FILE	5	CHANGE, OBJMGT

Revoking authority

The Revoke DPR Authority (RVKDPRAUT) command revokes authority to the replication control tables so that users can no longer define or modify replication sources and subscriptions.

                        .----------------.
                        V                |                  .-1--.
>>-RVKDPRAUT--USER(--+------user-name----+-+---)---DPRVSN(--+-5--+---)-->
                     '-*PUBLIC-------------'
 
>--------------------------------------------------------------><

The command returns an error message if any of the following conditions occur:

If a specified user does not exist.
If the user running the command is not authorized to the specified user profiles.
If the DPROPR/400 control tables do not exist.
If the user running the command does not have permission to revoke authorities to the DPROPR/400 control tables.
If the Capture or Apply programs are running.

Table 19. RVKDPRAUT Command Parameter Definitions for AS/400

Parameter Definition and Prompts
USER Specifies the users whose authority is revoked.

user-name
Specifies the names of up to 50 users whose authority is revoked.
*PUBLIC
Specifies that authority is revoked from all users without specific authority, who are not on the authorization list, and whose group profile does not have any authority.

DPRVSN Specifies the version of DPROPR/400. You can specify one or both of the version levels.

1 (default)
Revoke authorities for Version 1 of DPROPR/400.
5
Revoke authorities for Version 5 of DPROPR/400.

Parameter	Definition and Prompts
USER	Specifies the users whose authority is revoked. `user-name` Specifies the names of up to 50 users whose authority is revoked. *PUBLIC Specifies that authority is revoked from all users without specific authority, who are not on the authorization list, and whose group profile does not have any authority.
DPRVSN	Specifies the version of DPROPR/400. You can specify one or both of the version levels. 1 (default) Revoke authorities for Version 1 of DPROPR/400. 5 Revoke authorities for Version 5 of DPROPR/400.

Example

To revoke authorities to the control tables:

RVKDPRAUT USER(user-name) DPRVSN(5)

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]