Controlling users' access to DB2CONN, DB2TRAN, and DB2ENTRY resource definitions

You can control users' access to DB2CONN, DB2TRAN, and DB2ENTRY resource definitions by enabling different CICS security mechanisms.

About this task

The following security mechanisms can be used to control user access to DB2 resource definitions.
  • Control users' ability to access particular resources by using the CICS resource security mechanism. Resource security is implemented at the transaction level. For example, you could prevent some users from modifying a particular DB2ENTRY definition. The topic "Using resource security to control access to DB2ENTRY and DB2TRAN resource definitions" tells you how to use this security mechanism.
  • Control users' ability to issue particular SPI commands against DB2-related resources by using the CICS command security mechanism. Command security is also implemented at the transaction level. For example, you could permit only certain users to issue CREATE and DISCARD commands against DB2ENTRY resource definitions. The topic "Using command security to control the issuing of SPI commands against DB2CONN, DB2ENTRY, and DB2TRAN resource definitions" tells you how to use this security mechanism.
  • Control users' ability to modify the authorization IDs that CICS provides to DB2, by using the CICS surrogate security and AUTHTYPE security mechanisms. The authorization IDs are used for DB2's own security checking, and they are set by the AUTHID, COMAUTHID, AUTHTYPE and COMAUTHTYPE attributes on DB2-related resource definitions, and by the SIGNID attribute on the DB2CONN definition for the CICS region. CICS checks that the user who wants to modify the authorization ID is permitted to act on behalf of the existing authorization ID that is specified in the resource definition. The topic "Using surrogate security and AUTHTYPE security to control access to the authorization IDs that CICS provides to DB2" tells you how to use these security mechanisms.