DB2 - L

 View Only
  • 1.  DB2 AND RACF PROTECTED USERID FAILURE

    Posted Oct 18, 2022 06:33 AM
    By using a PROTECTED userid to connect to run a SQL command we are receiving the following:
    How must we proceed to fix the issue?

    ------------------------------
    JOSE ANGELSANTAMARIAarcelormittal
    ------------------------------


  • 2.  RE: DB2 AND RACF PROTECTED USERID FAILURE

    Posted Oct 19, 2022 01:47 AM
    Typically one would use SYSIBM.USERNAMES to translate the inbound userid to the desired userid (STCOPCA in this case).  RACF (ACF/2 TSS) surrogate processing wouldn't be involved.

    You need to be careful about passwords - so they are not sent in the clear.  If you do need to supply a mainframe password (which you obviously cannot do with a protected userid), you'll probably want to use DSNLEUSR.

    An alternative, which I am merely mentioning - not recommending (because I've never done this), would be to modify the connection exit so that when user FRED connects, the primary auth-id and secondary auth-ids are replaced by STCOPCA's.  (I do know of sites that replace the primary auth-id based on connected RACF groups - something like that perhaps.)

    Finally, you could raise an Aha! to suggest that Db2 handles this. https://www.ibm.com/support/pages/how-submit-request-enhancement 

    James Campbell

    ------------------------------
    James Campbell
    ------------------------------