You can use the Resource Access Control Facility (RACF®) DSNR resource class to protect DB2® resources. This helps you centralize security management. This section gives you pointers to general information about setting up RACF protection for DB2 and specific information about the resources, groups, user IDs, and permissions used by WebSphere® Application Server for z/OS®.
The RACF DSNR class controls access to the DB2 subsystems. If the DSNR class is active, then WebSphere Application Server for z/OS controllers and servants need access to the db2_ssn. RRSAF profiles, where db2_ssn is your DB2 subsystem name. If a controller or servant does not have access, then that region will not initialize.
DB2 identification and signon exits (DSN3@ATH and DSN3@SGN) are used to assign authorization IDs. If you want to use secondary authorization IDs (RACF group names), then you must replace the default exits with these two sample routines. For details on how to install these sample routines, see DB2 Administration Guide.
WebSphere Application Server for z/OS does not support the protection of DB2 objects through the DSNX@XAC exit. To protect DB2 objects, you must use GRANT statements.
For more information on using RACF with DB2, see the documentation in the DB2 Information Centers.