ACEE creation and management enhancement for ESAF Db2 interface

In IMS 15, a new optional keyword RLA= Y|N is added to the SSM member of the IMS PROCLIB data set for the Db2 subsystem to reduce the overheads of ACEE creation and management. This is delivered through APAR PH33024.

The ACEE (accessor environment element) is needed for external subsystem (ESS) thread processing to avoid using Db2 internal security. Previously, an ESS created and managed the ACEE for every ESAF call whenever the ACEE was needed with the exception of using ESAF_SIGNON_ACEE for a JVM dependent region. As a result, much workload was caused in the ACEE creation and deletion for every ESAF call. To improve the ESS performance in ACEE creation and management, a Region Level ACEE (RLA) parameter is added to the SSM member of the IMS PROCLIB data set for the Db2 subsystem. RLA= is a keyword-only parameter that cannot be specified as a positional parameter.

With APAR PH33024, IMS can optionally pass the dependent region address space level ACEE to the Db2 at external subsystem (ESS) Signon. When RLA=Y is specified for an Db2 entry in SSM= proclibmember, the region level ACEE is passed to Db2 at ESS Signon if there is no ESAF_SIGNON_ACEE present and no TCB level ACEE is present.

This enhancement reduces the overhead of ACEE creation and management because the ACEE is created only once when IMS dependent region address space is initialized and the ACEE is available for future use.

Security considerations

This enhancement would allow Db2 to use external security processing rather than use the internal processing by default. Because there is a one-to-one relationship between IMS transaction code, IMS PSB name, and Db2 package names, and IMS checks the transaction code versus the actual end user ID at the transaction point of entry, it is often acceptable to use the dependent region address space user ID and not the actual end user ID to perform Db2 external security processing. The address space user ID can be controlled by customer to match the IMS/Db2 workloads running in the dependent region. Different dependent regions can have different user IDs.

Changes to troubleshooting for IMS

A new message DFS7432I will be issued with the subsystem name and the job name information when a dependent region is up with the parameter RLA=Y is specified.

For a complete list of all of the new, changed, and deleted messages, and abend codes in IMS 15, see Message and code changes in IMS 15.

Changes to commands

The /DISPLAY SUBSYS command has been enhanced to include the parameter RLA= to display on the second line of the /DIS SUBSYS command output to show the RLA value for the IMS control region. This could be Y, N, or blank. When blank is displayed, it means the RLA= is not specified in the control region SSM proclibmember.

Documentation changes

The following table lists the publications that contain new or changed topics for the New function name enhancement. Publications that are not impacted by this enhancement are not included in the table.

Table 1. Links to topics that have new or changed content for this enhancement
Publication	New or changed topics
Release planning	General planning information for IMS 15 Message and code changes [New messages and codes for IMS 15] IMS 15 enhancements IMS 15 system continuous delivery functions ACEE creation and management enhancement for ESAF Db2 interface (new) (this topic)
System definition	Defining your external subsystems to IMS SSM= parameter for procedures
Diagnosis	Layout of the X'58' variable section
IMS messages and codes	DFS messages- DFS7432I
IMS commands	IMS commands- /DISPLAY SUBSYS command
Db2 for z/OS documentation	Installing or Migrating to Db12 for Db2 12 for z/OS