Hi,
Here is one topic for you in controlling access to DB2 Subsystems:
There are two very important IBM supplied default Exit routines.
DB2 provides 2 exit points for authorization routines:
1) Connection Processing - DSN3@ATH
2) Sign-on Processing - DSN3@SGN
DB2 also provides a third exit point - DSNX@XAC which gives you the flexibility to furnish your own access control routines or use RACF (or equivalent) to perform system authorization checking.
DB2 passes 3 possible functions while invoking authorization routine
a) Initialization - DB2 Startup
b) Authorization check
c) Termination - DB2 Shutdown
There are certain situations where Exit routines may not be called
1) If the user is a Install SYSADM or Install SYSOPR
2) Grant statement is executed
3) If previous invocation indicated the routine should not be called again
4) DB2 security has been disabled (AUTH (DSNZPARM) - Use Protection is set to NO or in DSNTIPP panel)
Cheers...
Prakash C. Singh
IBM Certified DB2 DBA
1 comment:
Hi Mr. Singh
DSNX@XAC and DSN3@ATH are mutually exclusive or not ?
Suposing that both exit routines are defined and some user has insufficient access authority through DSNX@XAC but is allowed to access the resourcet hrough DSN3@ATH, what happens ?
regards
Jaime Rinaldi
Post a Comment