BMC Software, Inc., Confidential and Proprietary Information
4-44 Administrative Products for DB2 Installation Guide
Enabling the Use of Secondary Authorization IDs
Summary: This section describes the steps that your DB2 system administrator must
perform to enable the use of secondary authorization IDs for the MVS
Server. The sample connection exit that is supplied by IBM builds a list of
secondary authorization IDs that is based on the user ID that is associated
with the started task address space. As a result, this exit does not build the list
of secondary authorization IDs for each client as it does for a TSO address
space. To properly build the list of secondary authorization IDs for each
client, BMC Software modified the exit. The version of the connection exit
that is supplied by BMC Software builds a list of secondary authorizations
that is based on the user ID that is associated with each client for the MVS
Server. This sample exit is distributed in the product’s HLQ.CNTL data set as
member DSN3SATH.

When the modified version of the exit is used, the secondary authorizations
are dependent on RACF. If RACF and the list-of-groups checking are
activated, the connection exit sets the list of DB2 secondary authorizations to
the list of RACF group names to which the user ID is connected.
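The difference between the two exits, as an added model that is not BMC or IBM code: the RACF connect table, user IDs and group names are constructed, and the case where list-of-groups checking is inactive, which this section does not describe, is modelled as an empty list.

```python
# Constructed model, not DB2 or BMC code: all user IDs and group names are invented.
RACF_CONNECTS = {            # user ID -> RACF groups the ID is connected to
    "MVSSRV": ["STCGRP", "DBADM"],     # user ID of the started task
    "ALICE":  ["PAYROLL", "DEVTEAM"],
    "BOB":    ["DEVTEAM"],
}
STARTED_TASK_USER = "MVSSRV"

def racf_groups(user_id, list_of_groups_active=True):
    """Groups for one user ID. The section covers only the case where RACF
    list-of-groups checking is active; this model returns [] otherwise."""
    if not list_of_groups_active:
        return []
    return list(RACF_CONNECTS.get(user_id, []))

def ibm_sample_exit(client_user, list_of_groups_active=True):
    """Sample exit as described for a started task: the list is built from
    the address space's user ID, whoever the client is."""
    return racf_groups(STARTED_TASK_USER, list_of_groups_active)

def modified_exit(client_user, list_of_groups_active=True):
    """Modified exit as described: the list is built from the user ID
    that is associated with each client."""
    return racf_groups(client_user, list_of_groups_active)

def audit(clients, exit_fn):
    """Compare what the exit hands out with each client's own RACF groups."""
    findings = {}
    for user in clients:
        granted, own = set(exit_fn(user)), set(racf_groups(user))
        findings[user] = {"excess": sorted(granted - own),
                          "missing": sorted(own - granted)}
    return findings

def may_use(client_user, group, exit_fn):
    """True if a privilege held by `group` is usable by this client."""
    return group in exit_fn(client_user)

if __name__ == "__main__":
    for name, fn in (("sample", ibm_sample_exit), ("modified", modified_exit)):
        print(name, audit(["ALICE", "BOB"], fn))
```

In the model, every client served through the started task receives the started task's groups under the sample exit, so the audit reports both excess and missing groups; under the modified exit both lists are empty for each client.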
If you are already running a modified connection exit or your site uses a
security system other than RACF, you should review the sample exit that
BMC Software provided and note any modifications. (Modifications are
indicated by BMC34575 after each line of code.) You can then incorporate
these changes into your existing exit.

Note: If your DB2 subsystems do not share a single HLQ.SDSNEXIT data
set, your DB2 system administrator should perform the following
steps for each subsystem.

Step 1 Rename member DSN3@ATH in the HLQ.SDSNEXIT data set to another name.
Step 2 Assemble and link member DSN3SATH in the HLQ.CNTL data set with the same JCL that is provided for the IBM-supplied exit. DB2 creates DSN3@ATH.
Step 3 Cycle DB2.
Where to Go from Here

After you enable the use of secondary authorization IDs, verify the
installation. For more information, see “Verifying the Installation of the MVS
Server” on page 4-45.