Command thread attributes
Describes the attributes of the DB2CONN resource that relate to the command thread. A command thread is used when the DSNC transaction is used to send a command to Db2® and when CICS® issues a command to cancel a thread that is active in Db2 as part of the processing of a CICS task purge or forcepurge request.
The DB2 connection definition command thread attribute descriptions are:
- COMAUTHID(userid)
- Specifies
what id the CICS DB2® attachment facility should use
for security checking when using command threads.
Do not use COMAUTHID if you are using RACF for some or all of the security checking in your DB2 address space; use COMAUTHTYPE instead, with the USERID or GROUP option. You can also use COMMAUTHTYPE with the SIGN option when the SIGNID attribute on the DB2CONN definition matches the CICS region user ID. This is because threads using a COMAUTHID do not pass the required RACF access control environment element (ACEE) to DB2. The ACEE is not required if you are only using DB2 internal security, so in this case, you can use COMAUTHID.
The ID that you specify can be up to eight characters in length.Acceptable characters:
Unless you are using the CREATE command, any lowercase characters that you enter are converted to uppercase.A-Z 0-9 $ @ # - COMAUTHTYPE({USERID|OPID|GROUP|SIGN|TERM|TX})
- Specifies
the type of id that can be used for security checking when using command
threads.
If you are using RACF for some or all of the security checking in your DB2 address space, use the GROUP, SIGN or USERID options. This is because only threads defined with these options pass the required RACF access control environment element (ACEE) to DB2. However, if you specify the SIGN option, the ACEE is passed to DB2 only if the value specified for the SIGNID attribute on the DB2CONN definition matches the CICS region user ID.
- USERID
- The 1 to 8-character userid associated with the CICS transaction
is used as the authorization ID. The name can be up to eight characters
in length.
Acceptable characters:
Unless you are using the CREATE command, any lowercase characters that you enter are converted to uppercase.A-Z 0-9 $ @ #Important: Do not specify COMMAUTHTYPE(USERID) when you use the DB2 sample sign-on exit DSN@SGN, as this may result in an SQL -922 failure. Specify COMMAUTHTYPE(GROUP) instead. - OPID
- The operator identification associated with the userid that is associated with the CICS transaction sign-on facility is used as the authorization ID (three characters padded to eight).
- GROUP
- Specifies the 1 to 8-character USERID and the connected group
name as the authorization ID. The following table shows how these
two values are interpreted by DB2.
IDs passed to DB2 How DB2 interprets values CICS sign-on user ID (USERID) Represents the primary DB2 authorization ID. RACF connected group name If the RACF list of group options is not active, DB2 uses the connected group name supplied by the CICS attachment facility as the secondary DB2 authorization ID. If the RACF list of group options is active, DB2 ignores the connected group name supplied by the CICS attachment facility, but the value appears in the DB2 list of secondary DB2 authorization IDs. To use the CGROUP option the CICS system must have SEC=YES specified in the CICS system initialization table (SIT).
If no RACF group ID is available for this USERID, an 8-character field of blanks is passed to DB2 as the group ID.
- SIGN
- Specifies that the SIGNID attribute of the DB2CONN is used as the resource authorization ID.
- TERM
- Specifies the terminal identification (four characters padded
to eight) as an authorization ID. An authorization ID cannot be obtained
in this manner if a terminal is not connected with the transaction.
If a transaction is started (using a CICS command) and has no terminal associated with it, the COMAUTHTYPE(TERM) should not be used.
- TX
- Specifies the transaction identification (four characters padded to eight) as the authorization ID.
- COMTHREADLIM({1|value})
- The number specifies the current maximum number of command threads the CICS DB2 attachment facility allows active before requests overflow to the pool.