Protecting data sets through RACF
To fully protect the data in Db2, you must take steps to ensure that no other process has access to the data sets in which Db2 data resides.
Use RACF®, or a similar external security system, to control access to the data sets just as RACF controls access to the Db2 subsystem. This section explains how to create RACF profiles for data sets and allow their use through Db2.
Assume that the RACF groups Db2 and DB2USER, and the RACF user ID DB2OWNER, have been set up for Db2 IDs. Given that setup, the examples that follow show you how to:
- Add RACF groups to control data sets that use the default Db2 qualifiers.
- Create generic profiles for different types of Db2 data sets and permit their use by Db2 started tasks.
- Permit use of the profiles by specific IDs.
- Allow certain IDs to create data sets.