Controlling stored procedure access to non-Db2 resources by using RACF

You can control Db2 stored procedure access to non-Db2 resources (such as VSAM files) by using RACF® (or another external security product).

Procedure

Begin general-use programming interface information.

To control access to non-Db2 resources for an existing stored procedure that does not require RACF (or another external security product):

  1. Issue the ALTER PROCEDURE statement with the SECURITY USER clause.
  2. Ensure that the user ID that calls the stored procedure has RACF authority to the resources.
  3. Enable RACF checking for the caller's ID.
  4. For improved performance, specify the following keywords in the COFVLFxx member of library SYS1.PARMLIB to cache the RACF profiles in the virtual look-aside facility (VLF) of z/OS®.
    For example:
        CLASS NAME(IRRACEE)
        EMAJ(ACEE)

End general-use programming interface information.
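
The following SQL illustrates step 1 and a catalog check for it. It is an added example, not part of the original IBM topic. The procedure name PAYROLL.READ_VSAM_LEDGER is a placeholder, and the queries assume the Db2 for z/OS catalog table SYSIBM.SYSROUTINES, where EXTERNAL_SECURITY holds 'D' (DB2), 'U' (USER), or 'C' (DEFINER).

```sql
-- Added example. PAYROLL.READ_VSAM_LEDGER is a placeholder name.

-- Step 1: make the procedure access non-Db2 resources under the
-- caller's authorization ID, so that RACF checks the caller (steps 2 and 3)
-- rather than the ID of the stored procedure address space.
ALTER PROCEDURE PAYROLL.READ_VSAM_LEDGER
  SECURITY USER;

-- Verify the setting: EXTERNAL_SECURITY should now be 'U'.
SELECT SCHEMA, NAME, EXTERNAL_SECURITY, WLM_ENVIRONMENT
  FROM SYSIBM.SYSROUTINES
 WHERE ROUTINETYPE = 'P'
   AND SCHEMA = 'PAYROLL'
   AND NAME = 'READ_VSAM_LEDGER';

-- Audit: list procedures that still reach non-Db2 resources under the
-- address space ID (DB2) or the procedure owner's ID (DEFINER), grouped
-- by WLM environment so that each address space can be reviewed in turn.
SELECT WLM_ENVIRONMENT,
       SCHEMA,
       NAME,
       OWNER,
       CASE EXTERNAL_SECURITY
         WHEN 'D' THEN 'DB2'
         WHEN 'C' THEN 'DEFINER'
       END AS SECURITY_OPTION
  FROM SYSIBM.SYSROUTINES
 WHERE ROUTINETYPE = 'P'
   AND EXTERNAL_SECURITY IN ('D', 'C')
 ORDER BY WLM_ENVIRONMENT, SCHEMA, NAME;
```

Procedures returned by the audit query do not have their callers' RACF authority checked for the non-Db2 resources they touch, so each one is a candidate for review against this procedure.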