Modifying the RACF profile for use with Data Gate

Modify the RACF profile to add definitions for the key ring and access permissions on the z/OS® system or LPAR that contains the Db2® subsystem or data sharing group you are configuring for the Data Gate instance.

About this task

The profile meant here is the RACF® profile in the z/OS system or LPAR that contains the Db2 subsystem or data sharing group you want to configure for Data Gate use.

Procedure

Add definitions for the key ring and access permissions to the RACF profile as shown.
The following example shows a JCL that creates the required RACF objects and grants the required permissions for the user who runs the Db2 started tasks. The name of this user is DB2USER. Adapt this example according to your needs.
//CERTAUTH JOB ,
//         MSGLEVEL=(1,1),REGION=0M
//CRTCRT   EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSUADS  DD DSN=SYS1.UADS,DISP=SHR
//SYSLBC   DD DSN=SYS1.BRODCAST,DISP=SHR
//SYSTSIN  DD *
SETROPTS CLASSACT(DIGTCERT DIGTRING)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(DB2USER) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(DB2USER) ACCESS(READ)
SETR RACLIST (DIGTRING) REFRESH
SETR RACLIST (DIGTCERT) REFRESH
SETR RACLIST (FACILITY) REFRESH
Tip: You can add these commands and the commands in the sections that follow to the same JCL, so that finally, only one job needs to be submitted.