Using secondary IDs for sign-on requests

If you want the primary authorization ID to be associated with Db2 secondary authorization IDs, you must replace the default sign-on exit routine.

About this task

The procedure is similar to that for connection processing. If you want to use RACF® group names as Db2 secondary IDs, the easiest method is to use the IBM®-supplied sample routine. An installation job can automatically replace the default routine with the sample routine.

Distinguish carefully between the two routines. The default sign-on routine provides no secondary IDs and has the following effects:

  • The initial primary authorization ID remains the primary ID.
  • The SQL ID is set equal to the primary ID.
  • No secondary IDs exist.

Like the sample connection routine, the sample sign-on routine supports Db2 secondary IDs and has the following effects:

  • The initial primary authorization ID is left unchanged as the Db2 primary ID.
  • The SQL ID is made equal to the Db2 primary ID.
  • The secondary authorization IDs depend on RACF options:
    • If RACF is not active, no secondary IDs exist.
    • If RACF is active but its list of groups option is not active, one secondary ID exists; it is the name passed by CICS® or by IMS.
    • If RACF is active and you have selected the option for a list of groups, the routine sets the list of Db2 secondary IDs to the list of group names to which the RACF user ID is connected, up to a limit of 1012 groups. The list of group names includes the default connected group name.
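
The effects listed above, modeled in Python as an added example (this is not IBM's sample exit routine or code from this page). The function names, the constructed user data, and the choice to keep the first 1012 groups in the order given are assumptions made for illustration; the audit helper reports users whose group connections exceed the limit and therefore would not all become secondary IDs.

```python
from dataclasses import dataclass, field

MAX_SECONDARY_IDS = 1012  # group limit stated on this page


@dataclass
class SignOnResult:
    primary_id: str
    sql_id: str
    secondary_ids: list = field(default_factory=list)
    dropped_groups: list = field(default_factory=list)


def default_signon(primary_id):
    """Default routine: primary ID kept, SQL ID = primary, no secondary IDs."""
    return SignOnResult(primary_id, primary_id)


def sample_signon(primary_id, racf_active, list_of_groups, passed_name, connected_groups):
    """Model of the sample routine's three RACF cases (hypothetical helper).

    connected_groups: groups the RACF user ID is connected to, default
    connected group included. Which groups fall past the limit is not
    stated on the page; this model keeps the first 1012 in the order
    given (assumption).
    """
    result = SignOnResult(primary_id, primary_id)
    if not racf_active:
        return result                          # no secondary IDs exist
    if not list_of_groups:
        result.secondary_ids = [passed_name]   # name passed by CICS or IMS
        return result
    result.secondary_ids = list(connected_groups[:MAX_SECONDARY_IDS])
    result.dropped_groups = list(connected_groups[MAX_SECONDARY_IDS:])
    return result


def audit(users, racf_active=True, list_of_groups=True):
    """Return {user: dropped groups} for users whose group list exceeds the limit."""
    findings = {}
    for user, (passed_name, groups) in users.items():
        r = sample_signon(user, racf_active, list_of_groups, passed_name, groups)
        if r.dropped_groups:
            findings[user] = r.dropped_groups
    return findings


# Constructed sample data: user -> (name passed by CICS/IMS, connected groups)
USERS = {
    "APPUSR1": ("PAYROLL", ["PAYROLL", "DBAGRP"]),
    "SVCBIG": ("GRP0000", [f"GRP{i:04d}" for i in range(1015)]),
}
```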