Controlling system startup for DBCTL security

The ISIS execution parameter for the control region includes a way to control the kind of security checking that is done during the current execution. The parameter determines what flexibility the DBCTL operator must override the choice of security checking. You must coordinate the setting of the ISIS= keyword parameter with both overall security design and operational procedures.

The ISIS keyword parameter allows you to choose the type of dependent region security you want (RAS) and which security facilities, RACF® or exit routines, will implement that security. You specify your choice using the ISIS= parameter. Your parameter options for ISIS= are as follows:

ISIS=0|N

Disables RAS security.

ISIS=1

Specifies RAS security using RACF. Specifying ISIS=1 is the same as specifying ISIS=N.

ISIS=2

Specifies RAS security using an exit routine. Specifying ISIS=1 is the same as specifying ISIS=N.

ISIS=R

Specifies RAS using RACF.

ISIS=C

Specifies RAS using an exit routine.

ISIS=A

Specifies RAS using both RACF and an exit routine.

If RACF is to be used for a CCTL, the CCTL JOB statement must include the USER specification. The CCTL itself can provide security checking (RACF or its own) independent of the DBCTL security checking that is described in this section.