When the RACF access control module is invoked

The RACF access control module is invoked when Db2 starts, shuts down, or when authorization checking is performed for a privilege.

The RACF access control module is invoked in three instances:

• At Db2 startup

  When Db2 starts, the RACF access control module is invoked to allow the external authorization checking application to perform any required setup prior to authorization checking. An example of a required setup task is loading authorization profiles into storage. Db2 uses the reason code that the exit routine sets during startup to determine how to handle exception situations.

• When an authorization check is to be performed for a privilege

  At the point when Db2 would access security tables in the catalog, to check authorization on a privilege, the RACF access control module is invoked. The exit routine is only invoked if none of the prior invocations have indicated that the exit routine must not be called again.

• At Db2 shutdown

  When Db2 is stopping, the RACF access control module is invoked to let the external authorization checking application perform its cleanup before Db2 stops.