Manage database security - Connect_CDC - aws_mainframe_modernization_service - connect_cdc_mimix_share - 6.x

Connect CDC Getting Started Guide

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect CDC (MIMIX Share)
Version
6.x
Language
English
Product name
Connect CDC
Title
Connect CDC Getting Started Guide
Copyright
2024
First publish date
2003
Last updated
2024-10-15
Published on
2024-10-15T20:38:41.117981
Table 1. Changes in this topic
Change type Description
Introduced in version 6.0 Added an option to grant specific access when creating a user profile.
As a best practice, it is recommended that you:
  • Replication user profile OMNIENT is created during installation with:
    • USRCLS(*SECOFR)
    • SPCAUT(*ALLOBJ *AUDIT *IOSYSCFG *JOBCTL *SAVSYS *SECADM *SERVICE *SPLCTL)
  • Use the replication user as is to set up your models, validate and commit, and then test.
  • Once everything runs as expected:
    • Use the Update replication user server authority option to grant specific access.
      This will grant specific authorities on all objects involved in model definition
      • Install library and objects
      • Metabase library and contents
      • Data libraries (Schemas) and files (Tables)
      • Journals underlaying Change Selectors
    • If you want to lower your user access, run this command:
      CHGUSRPRF USRPRF(OMNIENT) USRCLS(*USER) SPCAUT(*JOBCTL *SPLCTL)
    • Run production with restrained authorities
  • Conversely, if your user access is already lowered, and you want to increase authorization, issue this command:
    CHGUSRPRF USRPRF(OMNIENT) USRCLS(*SECOFR) SPCAUT(*ALLOBJ *AUDIT *IOSYSCFG *JOBCTL *SAVSYS *SECADM *SERVICE *SPLCTL)

You will only access permissions that are required for the job you are running. The Update replication user server authority option is only available for IBM i. Granted permissions are cumulative so using this feature for several models grants permissions to profiles but never remove previous ones.

Important: For security reasons, removing permissions must be done manually.
This manual operation performed by the power user makes sure all profiles are fitting security policy of the company. The power user can grant all necessary permission for Connect CDC execution on every objects:
  • Install library
  • metabase library
  • libraries and tables define in the model to allow the use for CDC


  1. Right-click the server to open the menu.
  2. Select Update replication user server authority.
  3. Enter User id and password to grant permissions to the OMNIENT user profile. For example, QSECOFR.

  4. Click OK.
  5. (Optional). Add additional users to a specific profile. For example, RPUSER1, RPUSER2.

  6. Click OK.
    Note: Each time the Update replication user server authority option is used, OMNIENT and RPUSER are always granted.