× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2018

*SQLPKG created by remote BIND from DB2 z/OS and authorisation

Dear Midrangers,

I have the need to run a COBOL program on mainframe (z/OS) and access from that program a table on iSeries through embedded static SQL. So, I prepare my COBOL program (pre-compile, compile, BIND) on mainframe and then run a remote BIND (just a regular BIND in DB2 mainframe, but with the location name of the iSeries database specified in the package name) to create the *SQLPKG required at runtime. So far so good.

But....

The *SQLPKG is created with the OWNER (as specified in the BIND statement) as the owner of it (well... what would you have expected?) and with three entries in the DSPOBJAUT list:

- *PUBLIC *EXCLUDE

- <owner group> *ALL

- <my GrpPRF> *ALL

Now, when this COBOL program will run in production, it will run under a production user profile (not mine, of course). That production user profile is not a member of the <owner group> and, obviously, not a member of my default group. In order to grant the production user the authority to execute the package what I actually want to see in the output of DSPOKBAUT is:

- *PUBLIC *USE

- <owner group> *ALL

Let's please not start to discuss the security implications of granting *USE (or indeed anything) to *PUBLIC. I know, I know...

My question is: How can I go about on mainframe, during program preparation, to tell the iSeries that the authority on the *SQLPKG must be different from the default settings?

I have googled already a lot, but could not find anything that would do the job. Yes, of course, I can change the authority once the *SQLPKG is created, but that would require a manual intervention on the iSeries and that is just not acceptable. Remember: the program preparation is run by the developer when in the development environment, then later when the program is promoted to production, by the change management suite that is running under a dedicated production user profile.

So, is there any means of specifying the authority settings in the BIND command? I see there is the GENERIC option in the z/OS BIND command to specify options to be transmitted to the target DB2. But what options should I specify in there (if at all there are any to be understood by the iSeries)?

Thanks and very best regards,

Jantje.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.