Trusted contexts
A trusted context is an independent database entity that you can define based on a system authorization ID and connection trust attributes.
The system authorization ID for a trusted context can be the primary authorization ID or one of the secondary authorization IDs, such as a RACF group.
The trust attributes specify a set of characteristics about a specific connection. These attributes include the IP address, IP subnet address, domain name, or SERVAUTH security zone name of a remote client and the job or task name of a local client.
A trusted context allows for the definition of a unique set of interactions between Db2 and the external entity, including the following abilities:
- The ability for the external entity to use an established database connection with a different user without the need to authenticate that user at the Db2 server. This ability removes the need for the external entity to manage end-user passwords. Also, a database administrator can assume the identity of other users and perform actions on their behalf.
- The ability for a Db2 authorization ID to acquire one or more privileges within a trusted context that are not available to it outside of that trusted context. This is accomplished by associating a role with the trusted context.
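The following SQL is an added example, not part of the original page, showing how the pieces described above fit together in a single trusted context definition: the system authorization ID, the connection trust attributes, the role that is only available inside the context, and the users that the connection may be switched to with or without authentication. The names APPSRV1, APPCTX, APPROLE, DBAROLE, WEBUSER1, DBAUSER, the table EMPLOYEE and the address 192.0.2.10 are placeholders chosen for illustration.

```sql
-- Added example (not from the Db2 documentation page): a trusted context for a
-- hypothetical application server. All object names and the IP address are
-- placeholders chosen for illustration.

-- A role that carries privileges available only inside the trusted context.
CREATE ROLE APPROLE;
GRANT SELECT, INSERT, UPDATE ON EMPLOYEE TO ROLE APPROLE;

CREATE TRUSTED CONTEXT APPCTX
  -- The system authorization ID under which the application server connects.
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV1
  -- Connection trust attributes: the connection is trusted only when it arrives
  -- from this client address and uses high encryption.
  ATTRIBUTES (ADDRESS '192.0.2.10',
              ENCRYPTION 'HIGH')
  -- The role that the connection acquires while it runs inside the context.
  DEFAULT ROLE APPROLE
  ENABLE
  -- Users the established connection may be switched to. WEBUSER1 needs no
  -- password at the Db2 server; DBAUSER must authenticate and gets DBAROLE.
  WITH USE FOR WEBUSER1 WITHOUT AUTHENTICATION,
               DBAUSER ROLE DBAROLE WITH AUTHENTICATION;
```

A connection from APPSRV1 that does not match every trust attribute (for example, one that arrives from a different address) is accepted as an ordinary connection and gets neither APPROLE nor the ability to switch users. Because WITHOUT AUTHENTICATION moves the responsibility for authenticating WEBUSER1 to the application server, the server host named in the trust attributes should be controlled as tightly as the Db2 server itself.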
The following client applications provide support for the trusted context:
- The Db2 Universal Java™ Driver introduces new APIs for establishing trusted connections and switching users of a trusted connection.
- The Db2 CLI/ODBC Driver introduces new connection keywords for establishing trusted connections and switching users of a trusted connection.
- The WebSphere® Application Server 6.0 uses the trusted context support through its "propagate client identity" property.