MIMIX support for row and column access control (RCAC) has the following restrictions:
-
Audits will compare and automatically recover the permissions and masks associated with files eligible for replication as well as the data within the files protected by enabled permissions and masks.
-
Files with large objects (LOBs) fields that are protected with enabled permissions or masks can be replicated. However, you cannot run the command SYNCDGFE METHOD(*DATA) against files with LOB fields that have enabled permissions or masks. If running this command is necessary in your environment, a possible workaround is to have the database administrator include the MIMIXOWN user profile in the authority groups for the permissions and masks for the file so that MIMIXOWN is allowed access to all of the rows and columns.
-
Be aware that, for the following conditions, automatic recovery actions for a file with enabled permissions or masks will perform a full save/restore of the file:
-
When journal inspection detects that the permissions or masks for a file were changed on the target system.
-
When permissions or masks were changed on the target system during the testing phase of a virtual switch.
-
When audits detect that permissions or masks for a file are not synchronized.
-
When an operation on a permission or mask is replicated to a system running an earlier release that does not support row and column access control, the file will be placed on hold.
-
When the following commands are invoked from the command line or by programs other than MIMIX, they will temporarily change the user profile of the job to the MIMIXOWN user profile while processing a file that has data protected by permissions or masks. The user profile of the job is changed back to its original value before the job ends. The affected commands are:
-
Synchronize DG File Entry (SYNCDGFE) with the sending mode specified as METHOD(*DATA).
-
Compare File Data (CMPFILDTA) when a data group is specified, or when the specified file is configured for replication.
-
When invoked from the command line or by programs other than MIMIX, the default behavior of the Copy Active File (CPYACTF) command is to fail when the specified file has permissions or masks. You can optionally specify ALWACCCTL(*YES) to allow a file that has permissions or masks to be copied using the function access authority of the user profile used to run the command. This may have undesirable results. The data copied into the resulting file depends on the access granted to the user profile used to run the command. Data to which the user is not authorized (rows, columns, or data within fields) will not be copied to the resulting file or may have different values (nulls or other values as determined by the administrator who defines access control).
-
The Reorganize Active File (RGZACTF) command will fail when the specified file has permissions or masks and the command has been invoked from the command line or by programs other than MIMIX.