Modifying the RACF profile for use with Data Gate
Modify the RACF profile to add definitions for the key ring and access permissions on the z/OS® system or LPAR that contains the Db2® subsystem or data sharing group you are configuring for the Data Gate instance.
About this task
Procedure
Add definitions for the key ring and access permissions to the RACF profile as shown.
The following example shows a JCL that creates
the required RACF objects and grants the required permissions
for the user who runs the Db2 started tasks. The name of this
user is
DB2USER
. Adapt this example according to your
needs.//CERTAUTH JOB ,
// MSGLEVEL=(1,1),REGION=0M
//CRTCRT EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSUADS DD DSN=SYS1.UADS,DISP=SHR
//SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR
//SYSTSIN DD *
SETROPTS CLASSACT(DIGTCERT DIGTRING)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(DB2USER) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(DB2USER) ACCESS(READ)
SETR RACLIST (DIGTRING) REFRESH
SETR RACLIST (DIGTCERT) REFRESH
SETR RACLIST (FACILITY) REFRESH
Tip: You can add these commands and the
commands in the sections that follow to the same JCL, so that finally, only one job needs to be
submitted.