Db2 and the z/OS Security Server

The z/OS® Security Server prevents unauthorized system access and can protect Db2 resources, such as tables. The z/OS Security Server is sometimes referred to as RACF®, which is one of its key components.

To control access to your z/OS system, you can use the Resource Access Control Facility (RACF) component of the z/OS Security Server or an equivalent product. When users begin sessions, the z/OS Security Server checks their identities to prevent unauthorized system access. The z/OS Security Server provides effective protection for Db2 data by permitting only Db2-managed access to Db2 data sets.

By using the z/OS Security Server, you can directly control most authorization to Db2 objects, define authorization, or use multilevel security.

Recommendation: Use the z/OS Security Server to check the identity of Db2 users and to protect Db2 resources.