Defining class names for Db2 objects in the RACF access control module
In the supplied class descriptor table (ICHRRCDX), two classes are defined for each Db2 object type so that each object type has an associated member class and an associated grouping class. Exceptions include the Db2 view object, which shares classes with the table object, and the role and trusted context objects, which are not protected by resource classes.
Installations defining their own classes can also define two classes for each object type, if you want member and grouping classes. If only one class is defined for each object type, the class name must begin with M
(not G
).
The actual format of the class names of Db2 objects depends on the classification model. The default name for the Db2 administrative authorities class is DSNADM. You can define an extra RACF class.