Configuring authentication for RAA

Configure authentication for communicating with the IBM Rational Asset Analyzer (RAA) database.

About this task

Since RAA is hosted on a z/OS Db2 database, the z/OS credentials that are used to connect to Accelerator Loader should also be usable for the z/OS system where Db2 resides. By default, the Accelerator Loader server will attempt to use the same user ID that was presented for logon to z/OS for access to the RAA database. To use these credentials, the user ID must have SELECT access on the RAA tables in Db2.

If you choose to specify alternate credentials when communicating between the Accelerator Loader server and the RAA database, you must define what credentials to use. A facility is provided in the server to optionally change the logon credentials for a user when accessing the RAA database. To accomplish this, the following tools are provided:
HLVDRATH
A utility that sets encrypted passwords in GLOBALU variables. You can also use this utility to list existing credential information.
HLVEDB2G
An ATH rule that switches credentials when connecting to an RAA database using DRDA. This rule uses AES encrypted passwords stored as GLOBALU system variables.
You can use any of the following options for authentication:
  • Use z/OS IDs for authentication
  • Add a global default user definition using sample job HLVDRATH and enable ATH rule HLVEDB2G
  • Add authentication information for specific mainframe users using sample job HLVDRATH and enable ATH rule HLVEDB2G

If z/OS user IDs and passwords used to connect to the Accelerator Loader server are not authorized for the Db2 database hosting the RAA tables, you must define the credentials to use. Use the following procedure.

Procedure

  1. Use the sample job HLVDRATH to add a global default user definition or authentication information for specific mainframe users as follows:
    1. Locate the HLVDRATH member in the hlq.SHLVCNTL data set.
    2. Modify the JCL according to the instructions provided in the HLVDRATH member.

      When adding the SYSIN statements that define the alternate credentials for logging in to your RAA database, as instructed in the JCL, make sure to specify the correct DBTYPE. For RAA databases, specify DBTYPE=ZOSDRDA.

    3. Submit the job.
    4. Optional: To verify the information stored in the GLOBALU variables and list existing authentication, use the REPORT=SUMMARY statement in the HLVDRATH member and submit the job.
  2. Auto-enable the SEF ATH rule SHLVXATH(HLVEDB2G) to switch credentials when connecting to RAA using DRDA. Global variables are used to define alternate authentication credential mapping for the SEF ATH rule.
    1. On the main menu, select Server administration.
    2. On the Administer Accelerator Loader Server menu, select option 3 for Manage Rules.
    3. Select option 2 for SEF Rule Management.
    4. Enter * to display all rules, or ATH to display only authentication rules.
    5. Set Auto-Enable for the HLVEDB2G rule member by entering A and pressing Enter.