Sunday, September 19, 2010

DB2 EXIT Routines


Here is one topic for you in controlling access to DB2 Subsystems:

There are two very important IBM supplied default Exit routines.

DB2 provides 2 exit points for authorization routines:

1) Connection Processing - DSN3@ATH

2) Sign-on Processing - DSN3@SGN

DB2 also provides a third exit point - DSNX@XAC which gives you the flexibility to furnish your own access control routines or use RACF (or equivalent) to perform system authorization checking.

DB2 passes 3 possible functions while invoking authorization routine

a) Initialization - DB2 Startup
b) Authorization check
c) Termination - DB2 Shutdown

There are certain situations where Exit routines may not be called

1) If the user is a Install SYSADM or Install SYSOPR
2) Grant statement is executed
3) If previous invocation indicated the routine should not be called again
4) DB2 security has been disabled (AUTH (DSNZPARM) - Use Protection is set to NO  or in DSNTIPP panel)

Prakash C. Singh
IBM Certified DB2 DBA