We are about to create a new Db2 subsystem and will be using the RACF exit [login to unmask email] for RACF controlled access. I understand there are two options for setting this up :
multi-system : there is one RACF class named MDSNTB which covers all Db2 subsystems that share the RACF database. In a multi-system, the RACF class is named MDSNTB and your profile name will begin with the Db2 subsystem name, like for example : DB2A.Q.STAFF.SELECT will give you select access to q.staff in subsystem DB2A
single-system : a separate RACF Class for tables is created for each subsystem. To get SELECT access to Q.staff in subsystem DB2B, you will need access in RACF class MDB2BTB, and the profile is named Q.STAFF.SELECT
Anyone have experience working with both? Are there pros/cons? My instinct is to go with single-system, so that the people who administer RACF for subsystem DB2A can be separated from those for DB2B if necessary.