The following defines the five-level hierarchy of Control Center authorization:
Level 1 is the lowest level of authorization to the Control Center product, meaning that level 1 is limited to the smallest subset of Control Center tools. Level 5, on the other hand, is the highest level of authorization to the Control Center product and can access and use all Control Center tools. This is a hierarchy, meaning each level is authorized to all tools at its level and all levels beneath it (Level 2 = Database Operator + Database User). For more information regarding these levels, refer to DB2 Server for VM Control Center Program Directory.
Table 11 is a list of System Administration tools and the authorization required to use each tool. You can change the authorization required by modifying the SQLMSTR PROFILE file on your Control Center service machine's 191 A-disk. To change a particular tool's authorization, locate the referenced tool ID in the SQLMSTR PROFILE file and change the authorization level as required. For example, to prevent Database Operators (level 2) from being able to start database archives, you would locate the SQMARCH tool ID in the SQLMSTR PROFILE file and change the level required to 3 (meaning you need Database Administrator or higher authorization to use this tool).
Important! Database User, Operator, and Administrator authorities are specified per database. This means Database Administrator authority to one database does not automatically give you Database Administrator authority to another. The authorization to databases is controlled and managed by the database parameters file on the Control Center 191 A-disk (refer to About the Database Parameters Tool).
Table 11. Control Center Default Authorization List
Tool ID | Menu Path | Level | Description |
---|---|---|---|
COUNTER | (O,CO) | 1 | Issue a specified Counter operator command |
SHOW | (O) | 1 | Issue a specified SHOW operator command |
SQMDBLST | (U,L) | 1 | List all files associated with a given database |
SQMEVDIS | (MS,VE) | 1 | View events in the Master Schedule |
SQMQSTAT | (S,D/S/N/A) | 1 | Query status of databases |
SQMSFILE | (list opts) | 1 | Display/list files requested by user |
VERSION | (cmode only) | 1 | Display Control Center version information |
CANCEL | (A,C) | 2 | Cancel a currently running database Archive |
FORCE | (O,F) | 2 | Force an active user off/out of the database |
RESET | (O,R) | 2 | Reset specified database Counter(s) |
SET | (O,SP/SS/ST) | 2 | Set specified database Counter(s) |
SQMARCH | (A,I/S) | 2 | Initiate a database archive |
SQMCUARC | (cmode only) | 2 | Update Control Center's user archive status variables |
SQMDBEGN | (SI/SS) | 2 | Start a database |
SQMDBEND | (E,N/Q/S/SQ) | 2 | Stop a database |
SQMDBINI | (P,U) | 2 | Read a database PARMS file into Control Center memory |
SQMMNSVU | (M,S) | 2 | Database monitor Schedule display |
SQMMODEU | (S,D/S/N/A,c) | 2 | Update Control Center SQMODE database status variable |
SQMQUARC | (cmode only) | 2 | Query internal Control Center user archive variables |
SQMRECOV | (R,I/S) | 2 | Database recovery setup process (not start) |
SQMRECQT | (R,C) | 2 | Cancel a currently running database recovery |
SQMRECST | (R,I/S,...) | 2 | Control Center database recovery START |
SQMRECTQ | (R,I/S,...) | 2 | Query tapes routine during recovery setup |
SQMSTATU | (S,D/S/N/A,c) | 2 | Update Control Center internal DBSTATUS variable |
SQMTAPEA | (TM,S) | 2 | Add a tape to a database TAPES file |
SQMTAPEU | (TM,M) | 2 | Update database TAPES file menu options |
SQMACCES | (cmode only) | 3 | Invoke reaccess of Control Center code disks |
SQMADBEX | (U,E) | 3 | Add DBEXTENTs utility |
SQMADBSP | (U,A) | 3 | Add DBSPACEs utility |
SQMCDBEX | (U,C) | 3 | Copy/Move DBEXTENTs utility |
SQMCIREO | (U,RC) | 3 | Database System Catalog Index reorg (SQLCIREO) |
SQMCOLDL | (U,CL) | 3 | Initiate a database COLDLOG (SQLLOG) |
SQMCONS | (G,CO/SO/SS) | 3 | Control Center console Close, Stop, and Start options |
SQMDCHKQ | (cmode only) | 3 | Answer a Monitor query request |
SQMDBCMS | (U,CO) | 3 | Tell a database to issue a CMS command |
SQMDDBEX | (U,D) | 3 | Delete DBEXTENTs utility |
SQMEVDEL | (MS,VE,d) | 3 | Delete an event from the Master Schedule |
SQMEVENT | (MS,SE) | 3 | Schedule an event in the Master Schedule |
SQMFLDEL | (G,F,d) | 3 | Schedule an event in the Master Schedule |
SQMFLIST | (VJ - G,F) | 3 | Display a job file or a Control Center file |
SQMJDONE | (cmode only) | 3 | Invoke Control Center Job Completion Handler routine |
SQMJEXEC | (VJ,s) | 3 | Start a job menu option |
SQMJSTRT | (cmode only) | 3 | Control Center Job initiator routine |
SQMMNRPR | (M,P- M,L,p) | 3 | Database monitor report Purge/Refresh |
SQMMNSL | (M,L) | 3 | Database monitor List |
SQMMNSN | (M,V/L/M/A) | 3 | Database monitor View, Modify, Add, Delete |
SQMMNSR | (M,R- M,L,r) | 3 | Database monitor Report display |
SQMREORF | (U,SU) | 3 | Initiate a full single user mode reorg job |
SQMREORG | (U,RS) | 3 | Initiate a single user mode database reorg job |
SQMREOTI | (U,SU) | 3 | Collect tape control data for reorg unload job |
TRACE | (O,TS/TO) | 3 | Initiate/Stop database tracing |
CMD | (cmode only) | 5 | Display string specified on Control Center console |
CMS | (A,G) | 5 | Tell Control Center to execute a specified CMS command |
RDRLIST | (G,R) | 5 | Display Control Center's current reader list |
SQMDBU | (cmode only) | 5 | Specific field update for database PARMS file |
SQMPROFU | (AU,A/M/D) | 5 | Update Control Center user authorizations |
SQMQPROF | (AU,L) | 5 | View Control Center user authorizations |
Menu Path indicates the panel selections required to invoke a specific tool ID. The COUNTER (O,CO) tool, for example, is invoked by selecting Option O (Operator commands) on the main Control Center panel, followed by Option CO (Counter command) on the next panel displayed. Options listed with '/' or options after '-' indicate alternative selection paths. 'cmode only' indicates that the tool can only be invoked through the Control Center command mode interface (refer to Appendix G, Command Mode Interface).
The Database Administration tools are not listed in the SQLMSTR PROFILE file, and therefore there are no corresponding tool IDs listed for these types of tools. This is because these are database application programs that are controlled by database connect authorizations. Use of the DBSPACE Reorganization tool, for example, requires database connect authority. If a user has not been granted DBA connect authorization to a specified database, then that user would not be able to run any of the Database Administration tools for that database.
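One way to review changes to the tool authorization levels, as an added example that is not part of the IBM documentation: the Python below compares tool ID and level pairs against the Table 11 defaults and reports every tool whose required level was lowered or raised. It assumes the pairs have already been extracted into `TOOLID LEVEL` lines (the SQLMSTR PROFILE layout is not shown on this page); the function names and the sample input are constructed for illustration.

```python
# Added example: audit (tool ID, level) pairs against the Table 11 defaults.
# Assumption: input lines look like "TOOLID LEVEL". The real SQLMSTR PROFILE
# layout is not shown on this page, so extraction into this form is up to you.
DEFAULTS_BY_LEVEL = {
    1: "COUNTER SHOW SQMDBLST SQMEVDIS SQMQSTAT SQMSFILE VERSION",
    2: "CANCEL FORCE RESET SET SQMARCH SQMCUARC SQMDBEGN SQMDBEND SQMDBINI "
       "SQMMNSVU SQMMODEU SQMQUARC SQMRECOV SQMRECQT SQMRECST SQMRECTQ "
       "SQMSTATU SQMTAPEA SQMTAPEU",
    3: "SQMACCES SQMADBEX SQMADBSP SQMCDBEX SQMCIREO SQMCOLDL SQMCONS "
       "SQMDCHKQ SQMDBCMS SQMDDBEX SQMEVDEL SQMEVENT SQMFLDEL SQMFLIST "
       "SQMJDONE SQMJEXEC SQMJSTRT SQMMNRPR SQMMNSL SQMMNSN SQMMNSR "
       "SQMREORF SQMREORG SQMREOTI TRACE",
    5: "CMD CMS RDRLIST SQMDBU SQMPROFU SQMQPROF",
}
DEFAULTS = {t: lvl for lvl, ids in DEFAULTS_BY_LEVEL.items() for t in ids.split()}

# Constructed sample: the defaults with two changes. SQMARCH raised to 3 is
# the page's own example; CMS lowered to 3 is a made-up loosening.
SAMPLE = [f"{t} {l}" for t, l in {**DEFAULTS, "SQMARCH": 3, "CMS": 3}.items()]


def audit(lines):
    """Return (tool, default_level, current_level, verdict) for each deviation."""
    findings, seen = [], set()
    for raw in lines:
        parts = raw.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue  # skip blanks and anything not in the assumed form
        tool, level = parts[0].upper(), int(parts[1])
        seen.add(tool)
        default = DEFAULTS.get(tool)
        if default is None:
            findings.append((tool, None, level, "unknown tool ID"))
        elif not 1 <= level <= 5:
            findings.append((tool, default, level, "level out of range"))
        elif level < default:
            findings.append((tool, default, level, "loosened"))
        elif level > default:
            findings.append((tool, default, level, "tightened"))
    for tool in sorted(set(DEFAULTS) - seen):
        findings.append((tool, DEFAULTS[tool], None, "missing from input"))
    return findings


def allowed(user_level, tool, levels=DEFAULTS):
    """Hierarchy rule: a user may use every tool at or below their own level."""
    return user_level >= levels[tool]
```

A "loosened" finding on a level 5 tool deserves the closest review, since it opens tools such as CMS or SQMPROFU to lower authorization levels.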