Initialization (XAPLFUNC = 1)

When the RACF access control module is called with an XAPLFUNC function code of 1, it issues a RACROUTE REQUEST=STAT request to determine if RACF is active.

If RACF is not active, the RACF access control module returns to Db2 with a return code of 12. If RACF is active, the RACF access control module builds the class names, as specified by the assembler SET symbols, and performs a RACROUTE REQUEST=LIST,CLASS=classname for each new Db2-related class.

Attention

  • If you override &CLASSNMT or use the single-subsystem scope, the RACF access control module uses only installation-defined classes.
  • If you use the multiple-subsystem scope with the default &CLASSNMT, the RACF access control module uses classes supplied by IBM®.

The RACROUTE REQUEST=LIST,ENVIR=CREATE,GLOBAL=YES request brings profiles to a data space for that particular Db2 or allows a subsequent Db2 to use those in-storage profiles.

If no Db2-related classes were active, a failure occurs and the RACF access control module ends with a return code of 12.

Note: The following are not failures:
  • A class is not active (SAF RC=4, RACF RC=10)
  • A class is not defined (SAF RC=4, RACF RC=8)

If a class is not active or does not exist for an object or authority, the RACF access control module defers to Db2 for authorization checking and ends with a return code of 4.

If one request fails, the entire initialization fails. When this happens, the RACF access control module cleans up all the resources and ends with a return code of 12.

If you want to use Db2 classes for authorization against Db2 objects, the classes must be active when the subsystem is started.

Failures during initialization processing are indicated by a return and reason code pair and a message.

Initialization return and reason codes

The following return and reason codes are shown in decimal notation.

Return code 0: Initialization successful.
  • Reason code 0: Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used in the event of an error.
  • Reason code 16: Installation option &ERROROPT was set to 2. Therefore, the Db2 system is requested to stop in the event of an error on a subsequent authorization check.

Return code 12: Initialization unsuccessful; don't call the RACF access control module again.
  • Reason code 1: An input Db2 subsystem ACEE was not provided. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 2: RACF is not active. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 3: RACROUTE REQUEST=LIST,ENVIR=CREATE failure. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 4: No active Db2 classes. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 10: Incorrect XAPL level. The value of XAPLLVL is less than V8R1M0. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 12: Input Db2 subsystem ACEE was not valid. Installation option &ERROROPT was set to 1. Therefore, native Db2 authorization is used.
  • Reason code 16: An initialization error occurred. Installation option &ERROROPT was set to 2. Therefore, the Db2 subsystem is requested to stop.
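
The initialization outcome described above, modelled as an added Python example (not IBM code and not part of the original page), shows how &ERROROPT decides between falling back to native Db2 authorization and stopping Db2. The function and parameter names, the order of the pre-checks, the boolean XAPL level check, and the (0, 0) pair for a successful LIST are assumptions.

```python
# Added illustration: a model of the initialization outcome described on this page.
# Not IBM code; names and the order of the pre-checks are assumptions.

NOT_ACTIVE = (4, 10)   # (SAF RC, RACF RC): class is not active, not a failure
NOT_DEFINED = (4, 8)   # (SAF RC, RACF RC): class is not defined, not a failure
LIST_OK = (0, 0)       # assumed pair for a successful RACROUTE REQUEST=LIST


def init_result(erroropt, racf_active, acee, xapl_level_ok, list_results):
    """Return (return_code, reason_code) for XAPLFUNC = 1.

    erroropt      -- value of &ERROROPT: 1 or 2
    acee          -- "valid", "invalid" or None (not provided)
    list_results  -- {class name: (SAF RC, RACF RC)} from each REQUEST=LIST
    """
    def fail(reason):
        # With &ERROROPT=2 every initialization error is reported as
        # reason 16 and the Db2 subsystem is requested to stop.
        return (12, 16 if erroropt == 2 else reason)

    if acee is None:
        return fail(1)
    if acee != "valid":
        return fail(12)
    if not racf_active:
        return fail(2)
    if not xapl_level_ok:
        return fail(10)

    active = 0
    for pair in list_results.values():
        if pair == LIST_OK:
            active += 1
        elif pair not in (NOT_ACTIVE, NOT_DEFINED):
            return fail(3)      # one failed request fails the whole init
    if active == 0:
        return fail(4)          # no Db2-related class was active
    return (0, 16 if erroropt == 2 else 0)


def on_error_policy(result):
    """What the reason code says about behaviour on an error."""
    return "stop Db2" if result[1] == 16 else "native Db2 authorization"
```

With &ERROROPT set to 1, every failure path ends in native Db2 authorization, so a RACF class that is inactive at subsystem start changes which authorization mechanism is in force without stopping Db2.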