Local Db2 access
A local Db2 user is subject to several security checks.
For example, when Db2 runs under TSO and use the TSO logon ID as the Db2 primary authorization ID, that ID is verified with a password when the user logs on.
When the server is the local Db2 subsystem, RACF® verifies the password and checks whether the authorization ID is allowed to use the Db2 resources that are defined to RACF. If an exit routine is defined, RACF or the z/OS® Security Server perform additional security checking.