Controlling access to DB2-related resources in CICS

You can control access to DB2® resources in your CICS® region, and initiate security checking for the resources, by enabling an external security manager and the appropriate CICS security mechanism.

About this task

CICS users might want to perform the following activities involving DB2:

Inquire on, modify, create or discard DB2CONN, DB2ENTRY, and DB2TRAN resource definitions.
Use a transaction that accesses DB2 to obtain data, or issue CICS DB2 attachment facility commands or DB2 commands using the DSNC transaction.

Use RACF®, or an equivalent external security manager to perform security checks in your CICS region. When a user tries to access protected resources, CICS calls the external security manager to perform security checking. RACF makes security checks using the CICS user's ID, which is authenticated when the user signs on to CICS. If a user does not sign on to CICS, they are given the default user ID, unless a user ID has been permanently associated with a terminal using preset security.

Enabling the appropriate security mechanism for your CICS region: transaction-attach security, resource security, command security, or surrogate security.

For more information about CICS security, see Securing.