Now you're getting into the gray zone. In my opinion, t
depends on how you want to handle it and what kind of security you
want to offer, so it requires a detailed "list of services", well,
more like a security strategy to see how it can be implemented, for
The standard way is to handle DB2 internally (SECADM or not,
they're DB2), but that does not mean that the RACF group is not
involved because they still have to take care of the DSNR class,
and of course, to handle the security on the dataset level, so,
strictly speaking, that already is a mixed way, but it has to be
detailed in how you want to implement projects (here's another
example, you can limit access to DB2 from remote applications by
using RACF or internally via DB2 and get the same effect). So....
if you want a technical view, it requires to detail what the
security strategy will be and how it can be best implemented to go
full RACF, full DB2, or standard and go from there, that's why it's
the gray zone, and the worst part is that most of the time it
requires to plan very far ahead.
Hope that helps,
Btw, I'm not sure if my email shows in my profile if you look at
it, but you can always reach me there.
Javier Estrada Benavides,
Certified DB2 11 for z/OS System Administrator. Mexico