DB2 Resource Class—Secure DB2 Databases

Resources › DB2 Resource Class—Secure DB2 Databases

DB2 Resource Class—Secure DB2 Databases

Valid on z/OS.

Use DB2 to secure a DB2 database.

For connection authorization, individual ACID checking is not performed for CICS and IMS but instead for the ACID associated with the CICS and IMS started tasks or the associated MASTFAC ACID. The ACID associated with a job is used to validate the connection for TSO and BATCH.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) DB2(DSNR.)
TSS ADDTO(acid) DB2(DXT.dddd)

DSNR: Class name provided for a DB2 resource for DB2 and subsystem connection.
DXT: Access to data elements through the Data Extract Utility.
dddd: One to four character data element (file, PCB, view)
Prefix length: One to eight characters
Capacity of list: One to five DB2 resources per TSS command

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) DB2(DSNR.ssss.BATCH)
TSS PERMIT(acid) DB2(DSNR.ssss.DIST)
TSS PERMIT(acid) DB2(DSNR.ssss.MASS)
TSS PERMIT(acid) DB2(DSNR.ssss.SASS)
TSS PERMIT(acid) DB2(DXT.dddd)

DSNR: Class name provided for a DB2 resource for DB2 and subsystem connection.
ssss: The site's subsystem name for DB2.
BATCH: For BATCH and TSO connections.
DIST: For Distributed Data Facility (DDF).
MASS: For IMS connection.
SASS: For CICS connection.
DXT: For access to data elements through the Data Extract Utility.
dddd: One to four character data element (file, PCB, view).
Prefix length: One to forty‑four characters per prefix
Capacity of list: One to five prefixes per TSS command

DB2 is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
The DB2 ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
DB2(OWN) authority to ADDTO or REMOVE ownership of DB2 resources from ACIDs
DB2(XAUTH) authority to PERMIT or REVOKE access to DB2 resources

The administrator can use any of the following methods to control access to DB2 resources: Expiration, Facility, Time/Day, and Actions.

Example: DB2 resource class

This example protects access to an IMS system with the IMS ID of IMSB, by assigning ownership to the Software Department:

TSS ADDTO(SOFTDEP) DB2(IMSB.MASS)

The administrator may now PERMIT access to users or profiles that require access.

This example removes ownership:

TSS REMOVE(SOFTDEP) DB2(IMSB.MASS)

This example permits a user (GKM75) to access an IMS system with the IMSID of IMSB:

TSS PERMIT(GKM75) DB2(IMSB.MASS)

This example revokes access:

TSS REVOKE(GKM75) DB2(IMSB.MASS)