Managing access through RACF

You can control whether a local or remote application can gain access to a specific Db2 subsystem from different environments. You can set different levels of security depending on whether the requesting application uses SNA or Transmission Control Protocol/Internet Protocol (TCP/IP) to access Db2.

After the local system authenticates the incoming ID, it handles the ID as it would a local connection request or a local sign-on request. You can process the ID with your connection or sign-on exit routine and associate secondary authorization IDs with the ID. If you are sending a request to a remote Db2 subsystem, that subsystem can subject your request to various security checks.

You can use an external security system, such as RACF®, IMS, or CICS®, to authorize and authenticate a remote request before it reaches your Db2 subsystem. The discussion in the following topics assumes that you use RACF, or an equivalent system, for external access control.