Using command security to control the issuing of SPI commands against DB2CONN, DB2ENTRY, and DB2TRAN resource definitions
Use CICS® command security mechanisms to protect DB2CONN, DB2ENTRY, and DB2TRAN resource definitions.
About this task
The CICS command security mechanism controls users' ability to issue particular SPI commands against types of DB2-related resource. For example, you can use it to control which users are allowed to issue CREATE and DISCARD commands against DB2ENTRY resource definitions. Unlike resource security, CICS command security cannot protect individual named resources; it is designed to protect types of resource. You can use command security to protect DB2CONN, DB2ENTRY, and DB2TRAN resource definitions.
When command security is enabled for a transaction, the external security manager checks that the user ID associated with the transaction is authorized to use that command to modify the type of resource that is involved. CICS command security has more information about this process.
db2ent1
, RACF checks: - That the user ID is authorized to issue the DISCARD command (ALTER authority) against the DB2ENTRY resource type.
- That the user ID is authorized to access the DB2ENTRY definition
db2ent1
with ALTER authority.
To protect your DB2-related resources using command security, complete these steps: