Entering content frame

Background documentation Maintenance Actions in the DBA Cockpit (DB2 UDB for UNIX and Windows) Locate the document in its SAP Library structure

The DBA Cockpit provides a set of actions which allow you not only to monitor but also to maintain the database. To be able to perform these actions, the SAP user must be granted some additional authorizations.

The maintenance actions provided in the DBA Cockpit set locks on a database object to prevent parallel processing. All changes to the database are recorded in an audit log file.

Authorization Check

When you start the DBA Cockpit or change to another system in the DBA Cockpit, an authorization check is performed:

·        For RFC-monitored systems, the authorization check is performed in the monitored system. That is, the user that was configured in the RFC destination for remote access must have the appropriate authorization.

·        For systems monitored via remote database connections the authorization check is performed in the local system.

If you configure the DBA Cockpit itself, for example, by adding new systems, the authorization check is performed in the local system, too.

Maintenance of the database in general may be enabled or disabled using profile parameter dbs/db6/ccms_maintenance. If this profile parameter is not set in the instance profile, the default value 1 is used.

There are two kinds of authorization checks depending on profile parameter dbs/db6/ccms_maintenance:

·        If the profile parameter is set to 0, the SAP user cannot perform any maintenance actions, regardless of his personal permissions.

·        If the profile parameter is set to 1, the SAP user can perform maintenance actions depending on his personal permission for authorization object S_RZL_ADM. Attribute ACTVT of this authorization object determines whether a user may maintain or only monitor objects.

Granting of Database Permissions

To be able to access the database, the user used for remote monitoring must at least be member of the group, which was set as SYSMAINTgroup in the database manager configuration. The user depends on the type of system to be monitored:

·        Local systems and RFC-monitored systems use the <sid>adm user. <sid>adm already has sufficient permissions as he is already member of the database manager SYSCTL group.

·        Systems monitored via remote database connections use the user specified for the database connections. For SAP systems based on SAP Web AS lower than Release 6.40, usually sap<sid> is used to have the correct schema for monitoring. User sap<sid> is not automatically member of the SYSMAINTgroup.

Locking of Actions

For each maintenance action that you have selected using the DBA Cockpit, a lock is set in the system being monitored. For RFC-monitored systems a lock is set in the monitored system. For systems monitored via remote database connections and for the configuration of the DBA Cockpit itself a lock is set in the local system.

All locks are released when you exit the DBA Cockpit or when you change to another system.

Auditing of Maintenance Actions

When you make changes that affect database objects such as database configuration parameters or tablespaces, an audit log is written. You can display this audit log in the DBA Cockpit.

For more information, see Displaying the Audit Log.

 

 

Leaving content frame