You can define and use a Db2 RACF® custom field to provide a
limit for a user's concurrent sessions. Db2 uses
the value of this field to define the maximum number of concurrent
threads for the primary authorization ID of the current ACEE when
the COMCRIT subsystem parameter is set to YES.
About this task
A RACF administrator
or user who is authorized to define custom fields and add or update
data in a custom field can complete this task.
Procedure
To define the maximum number of concurrent sessions for
a user ID:
- Issue the RDEFINE command to define the new custom field
USER.CSDATA.DSNMUCTL with the following attributes:
RDEFINE CFIELD USER.CSDATA.DSNMUCTL UACC(NONE)
CFDEF(TYPE(NUM)
MAXLENGTH(4)
MINVALUE(0)
MAXVALUE(2000)
HELP('DB2 MAX USER CONCURRENT THREAD LIMIT, 4 DIGITS')
LISTHEAD('DB2 MAX USER THREAD LIMIT='))
The
maximum value for this field is 2000 because Db2 allows
a maximum of 2000 concurrent threads.
- Issue the RLIST command to list the new custom field and
review the results of the RDEFINE processing:
RLIST CFIELD USER.CSDATA.DSNMUCTL CFDEF NORACF
- Add custom field data to the CSDATA segment of a user or
group profile by issuing the following command, where USERABC is
the user ID or group ID and nnnn is the maximum
number of concurrent threads.:
ALTUSER USERABC CSDATA(DSNMUCTL(nnnn))
- Issue the LISTUSER or LISTGRP command to review the contents
of the CSDATA segment for the changed user or group profile:
LISTUSER USERABC CSDATA NORACF
Results
If the USER.CSDATA.DSNMUCTL custom field is not associated
with a primary authorization ID in RACF,
there is no limit on the number of concurrent sessions for that user
ID.
Only new sessions that start while the COMCRIT subsystem
parameter is set to YES are counted toward the number of concurrent
sessions for a user ID.