Creating Remote Trusted Context (RACF: SERVAUTH)

M Mahrous

Creating Remote Trusted Context (RACF: SERVAUTH)

Dears I'm trying to create a remote trusted context with attribute "SERVAUTH", as shown Below

 
CREATE TRUSTED CONTEXT TEST
BASED UPON CONNECTION USING SYSTEM AUTHID TESTUSER
DEFAULT ROLE TESTROLE WITH ROLE AS OBJECT OWNER AND QUALIFIER
ATTRIBUTES (SERVAUTH 'EZB.STACKACCESS.**') ENABLE
WITH USE FOR TESTUSER


So I Need help about syntax for SERVAUTH Profile, how to create it (From RACF Side). to be able to use it on trusted context as attribute "to be able to use the defined trusted context from Data Studio and RACF in the same time".

Troy Coleman

Creating Remote Trusted Context (RACF: SERVAUTH)
(in response to M Mahrous)
I wrote a blog post on this a few years ago
http://ibmsystemsmag.com/blogs/db2utor/may-2016/using-trusted-context-on-a-local-connection/

In this post I had someone ask about using SERVAUTH and I posted these
links as reference to help.
https://www.ibm.com/support/knowledgecenter/SSEPEK_11.0.0/seca/src/tpc/db2z_grantaccess2remotereq.html
https://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.halz001/netaccessstatement.htm

I personally have not set this up and I never got word back from the person
if this worked out for him.
Let me know if you get it working. Maybe you can post a respond on my
blog at the link above.

Thank you,

Troy Coleman

M Mahrous

RE: Creating Remote Trusted Context (RACF: SERVAUTH)
(in response to Troy Coleman)

Dear Troy,

unfortunately after creating profile and granting all required privileges, I still can't use the trusted context. 

Jørn Thyssen

RE: Creating Remote Trusted Context (RACF: SERVAUTH)
(in response to M Mahrous)

Please post specific SQL statement, sqlcode, sqlca, any RACF error messages, etc 

 

(See http://www.idug.org/p/fo/et/thread=47634)

 

Best regards,

Jørn Thyssen

Rocket Software
77 Fourth Avenue • Waltham, MA • 02451 • USA
E: [login to unmask email] • W: www.rocketsoftware.com 

Views are personal. 

M Mahrous

RE: Creating Remote Trusted Context (RACF: SERVAUTH)
(in response to Jørn Thyssen)

Dear Jorn,

 

after creating RACF Profile on SERVAUTH Class EZB.NETACCESS.** (and granting read access to TESTUSER)

and granting access on TCPIP for TESTUSER, and creating ROLE (TESTCON) and grant sysadm to it 
kindly find the statement "GRANT SYSADM ON SYSTEM TO ROLE TESTCON"

kindly find the below SQL statement for creation Trusted Context:

CREATE TRUSTED CONTEXT TEST_CON
BASED UPON CONNECTION USING SYSTEM AUTHID TESTUSER
DEFAULT ROLE TESTCON WITH ROLE AS OBJECT OWNER AND QUALIFIER
ATTRIBUTES (SERVAUTH 'EZB.NETACCESS.**') ENABLE
WITH USE FOR TESTUSER

kindly find the below while I'm trying to select from any catalog table (as example)

SELECT * FROM SYSIBM.SYSROLES

DB2 SQL Error: SQLCODE=-551, SQLSTATE=42501, SQLERRMC=TESTUSER;SELECT;SYSIBM.SYSROLES, DRIVER=4.17.30

.. for more clarification I'm trying to create Trusted Context that make users use it from (data studio and z/OS).