DB2 and the z/OS Security Server

To control access to your z/OS system, you can use the Resource Access Control Facility (RACF) component of the z/OS Security Server or an equiva lent product. When users begin sessions, the z/OS Security Server checks their identities to prevent unauthorized system access. You can also use the z/OS Security Server to protect DB2 resources, such as tables.

Recommendation: Use the z/OS Security Server to check the identity of DB2 users and to protect DB2 resources. The z/OS Security Server provides effective protection for DB2 data by permitting only DB2-managed access to DB2 data sets.

You can directly control most authorization to DB2 objects by using the z/OS Security Server. If you want to define authorization or you want to use multilevel security, consider using the z/OS Security Server for DB2 authorization.

“Authorizing users to access data” on page 328 describes additional security and authorization mechanisms that control access to DB2 data.