When Db2 cannot provide an ACEE

Db2 cannot provide an ACEE in some situations.

If you are not using external security in CICS® (for example, SEC=NO is specified in the DFHSIT), CICS does not pass an ACEE to the CICS attachment facility. When Db2 does not have an ACEE, it passes zeros in the XAPLACEE field. If this happens, your routine can return a 4 in the EXPLRC1 field, and let Db2 handle the authorization check.

Restrictions:

• An ACEE address may not be available for IMS transactions unless IMS is configured to use either APPC/OTMA security full or the IMS Build Security Environment exit (DFSBSEX0). You need to code DFSBSEX0 to return RC4 in register 15, which will instruct IMS to create the ACEE in the dependent region.
• The ACEE address is passed for CICS transactions, when available. If you implement the Db2 CICS attachment facility and CICS is configured to use an external security manager, such as RACF, Db2 passes the ACEE address, if available.
• The ACEE address is passed for Db2 commands, when available. If the master console is used, Db2 does not pass the ACEE address because an ACEE is not available. However, if the user signs on to an MVS operator console, Db2 passes the ACEE address, if available.