Reusing a local trusted connection through the SQL CONNECT statement

You can switch users on a trusted connection by using the SQL CONNECT statement with the USER and USING clauses.

About this task

On successful authorization, DB2® invokes the connection exit routine, if one is defined. The connection then has a primary authorization ID, zero or more secondary IDs, and an SQL ID.

DB2 searches to determine if the primary authorization ID is allowed to use the trusted connection. If the primary authorization ID is allowed, DB2 determines if the SECURITY LABEL attribute is defined in the trusted context for the user either explicitly or implicitly. If the SECURITY LABEL attribute is defined with a security label, DB2 verifies the security label with RACF®. If the security label verification is successful, DB2 switches the user on the trusted connection. DB2 uses the security label for multilevel security verification for the user.

If the primary authorization ID is not allowed to use the trusted connection or if the security label verification is not successful, DB2 returns the connection to an unconnected state. The only action you can take is to establish a valid authorization ID to be associated with the trusted connection. Until a valid authorization ID is established, any SQL statement that you issue causes DB2 to return an error.
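The following sketch is an added example, not taken from the product documentation. It shows a trusted context that defines a security label explicitly for one user and implicitly (through the context default) for another, followed by the CONNECT statement that switches the user. All object names, authorization IDs, labels, the job name pattern, and the location name are constructed for illustration.

```sql
-- Added example. Constructed names: CTXLOCAL, APPSYS, PAYJOB*, SECLBASE,
-- SECLHIGH, USER1, USER2, LOCDB2A. Replace them with values from your site.

-- Trusted context for a local connection, identified by system
-- authorization ID and job name.
CREATE TRUSTED CONTEXT CTXLOCAL
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSYS
  ATTRIBUTES (JOBNAME 'PAYJOB*')
  -- Implicit case: users listed below without their own SECURITY LABEL
  -- are verified against this default label.
  DEFAULT SECURITY LABEL SECLBASE
  ENABLE
  WITH USE FOR
    -- Explicit case: USER1 is verified with RACF against SECLHIGH.
    USER1 SECURITY LABEL SECLHIGH WITH AUTHENTICATION,
    -- USER2 has no label of its own and falls back to SECLBASE.
    USER2 WITH AUTHENTICATION;

-- Switch the user on the established trusted connection.
-- :AUTHID and :PASSWORD are host variables set by the embedding program,
-- for example to 'USER1' and that user's password.
CONNECT TO LOCDB2A USER :AUTHID USING :PASSWORD;

-- If :AUTHID names an ID that is not listed in WITH USE FOR, or the
-- security label verification fails, the connection is left unconnected
-- and every SQL statement returns an error until a CONNECT with a valid
-- authorization ID succeeds:
CONNECT TO LOCDB2A USER :AUTHID USING :PASSWORD;  -- retry with an allowed ID
```

Keeping the WITH USE FOR list as narrow as the application requires limits which IDs a compromised job can switch to on this connection.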