Defining trusted contexts

Before you can create a trusted connection, you must define a trusted context by using a system authorization ID and connection trust attributes.

About this task

A trusted context is an independent database entity that you can define based on a system authorization ID and connection trust attributes. The system authorization ID for a trusted context can be the primary authorization ID or one of the secondary authorization IDs, such as a RACF group.

For local connections, the primary authorization ID is derived as shown in the following table.

Source                  Primary authorization ID source
Started task (RRSAF)    USER parameter on JOB statement or RACF® USER
TSO                     TSO logon ID
BATCH                   USER parameter on JOB statement

For remote connections, the primary authorization ID is derived from the system user ID that is provided by an external entity, such as a middleware server.

The connection trust attributes identify a set of characteristics of the specific connection; a connection is considered a trusted connection only when it matches these attributes. For a local connection, the connection trust attribute is the job or started task name. For a remote connection, the connection trust attribute is the client's IP address, IP subnet address, domain name, or SERVAUTH security zone name. The connection trust attributes are as follows:

ADDRESS
Specifies the client's IP address, IP subnet address, or domain name, used by the connection to communicate with Db2. The protocol must be TCP/IP.
SERVAUTH
Specifies the name of a resource in the RACF SERVAUTH class. This resource is the network access security zone name that contains the IP address of the connection to communicate with Db2.
ENCRYPTION
Specifies the minimum level of encryption of the data stream (network encryption) for the connection. Supported values are as follows:
  • NONE - No encryption. This is the default.
  • LOW - DRDA data stream encryption.
  • HIGH - Secure Socket Layer (SSL) encryption.
JOBNAME
Specifies the local z/OS® started task or job name. The value of JOBNAME depends on the source of the address space, as shown in the following table.
Table 1. JOBNAME for local connections
Source                  JOBNAME
Started task (RRSAF)    Job or started task name
TSO                     TSO logon ID
BATCH                   Job name on JOB statement
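The following CREATE TRUSTED CONTEXT statements are an added example and are not part of the original page. They show how the system authorization ID and the connection trust attributes described above are combined into one remote and one local trusted context definition. The context names CTX_REMOTE_APP and CTX_LOCAL_BATCH, the system authorization IDs APPSRV1 and BATCHUSR, the IP address 10.0.0.25, and the job name BATCHJB1 are assumed placeholder values.

```sql
-- Added example (not from the original page). All names and values below are
-- placeholders: APPSRV1 is the system authorization ID that a middleware server
-- connects with, 10.0.0.25 is that server's IP address, BATCHUSR is the USER on
-- a JOB statement, and BATCHJB1 is the job name on that JOB statement.

-- Remote connection: trust is tied to the client's IP address (ADDRESS) and the
-- data stream must be protected with at least SSL (ENCRYPTION 'HIGH'). A
-- connection from APPSRV1 that arrives from another address, or with a lower
-- encryption level, does not match the context and is not a trusted connection.
CREATE TRUSTED CONTEXT CTX_REMOTE_APP
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV1
  ATTRIBUTES (ADDRESS '10.0.0.25',
              ENCRYPTION 'HIGH')
  ENABLE;

-- Local connection: the only connection trust attribute is JOBNAME. For a
-- BATCH source this is the job name on the JOB statement (see Table 1), and
-- the primary authorization ID comes from the USER parameter of that statement.
CREATE TRUSTED CONTEXT CTX_LOCAL_BATCH
  BASED UPON CONNECTION USING SYSTEM AUTHID BATCHUSR
  ATTRIBUTES (JOBNAME 'BATCHJB1')
  ENABLE;
```

Both the system authorization ID and every attribute listed in ATTRIBUTES must match for the connection to be treated as trusted, so keep the attribute set as specific as the deployment allows: pinning a remote context to a single address and requiring ENCRYPTION 'HIGH' limits trusted connections to the one server, on the one network path, that is expected to use them.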