Managing access requests from local applications

If you request access to a local Db2 subsystem, your request is often subject to several checks before you are granted access.

If you run Db2 under TSO and use the TSO logon ID as the Db2 primary authorization ID, TSO verifies your ID when you log on. When you gain access to Db2, you can use a self-written or IBM®-supplied DSN3@ATH exit routine that is connected to Db2 to perform the following actions:

• Check the authorization ID again
• Change the authorization ID
• Associate the authorization ID with secondary IDs

After these actions are performed, the authorization ID can use the services of an external security system again.