Previous Topic: DXT UtilityNext Topic: DDF Support


DB2 Support

CA Top Secret r 4.4 and above supports DB2 Version 2 SQL for Secondary Authorization IDs. Secondary Authorization IDs are defined to CA Top Secret through the IBMGROUP resource. At logon, CA Top Secret automatically builds a list of authorized IBMGROUPs for use by DB2. Since this list is built at logon, access qualifiers such as time of day and day of week are only validated at that time. The list of IBMGROUPs is not refreshed until the next logon.

Note: The CA Top Secret DB2 exits provided in r 4.2 of CA Top Secret are no longer necessary. The DB2 authorization exits (DSN3@ATH and DSN3@SGN) provided by IBM, however, are.

Connecting to DB2 With CICS

In a CICS environment, the value of the primary AUTHID is dependent on how the AUTH= parameter is coded in the CICS RCT. There are several valid parameters for AUTH=; the most important ones are described below.

AUTH=GROUP

Uses the signon CICS userid as the primary AUTHID. A signon is not driven for this event. This performs the same function as AUTH=USERID with the added benefit of improved performance.

AUTH=USERID

Uses the signon CICS userid as the primary AUTHID. A signon is driven for this event even though the userid is already signed on to CICS.

AUTH='acidname'

Uses the acidname as the primary AUTHID. A signon is driven if the acidname is a valid CA Top Secret ACID with access to the CICS facility being used.

AUTH=TXID

Uses the CICS transaction name as the primary AUTHID. A signon is driven if the primary AUTHID and the transaction name are valid CA Top Secret ACIDs with access to the CICS facility being used.

CA Top Secret IMS ACEE Locater Subroutine

The DB2 DSN3@SGN exit looks at the ACEE to determine the groups that are used as the DB2 Secondary Authorization IDs. In an IMS environment, if the ACEE is not available, the exit issues a RACROUTE REQUEST=VERIFY,ENVIR=CREATE call to obtain the ACEE. These RACROUTE calls can produce a great deal of overhead.

CA Top Secret /MVS provides a subroutine, TSS3@LOC, to locate the ACEE of an IMS user. By using this subroutine, called by the DSN3@SGN exit, you can locate the ACEE of an IMS user without resorting to a RACROUTE call.

To use the subroutine, the following conditions must exist:

The following entry conditions apply:

The following exit conditions apply:

R15

Return code from the subroutine

0

ACEE found and returned in R1

4

ACEE not found; caller must issue RACROUTE REQUEST=VERIFY,ENVIR=CREATE

8

Unsupported environment (not MPP/BMP with CA Top Secret )

16

Subroutine encountered logic error

R1

Address of ACEE if R15=0. If R15 does not equal 0, R1 will contain a 0.