What are the necessary RACF permissions required for the Sysview MVS Db2 option connecting
to Sysview Performance Management Option for Db2 for z/OS (IDB2)?
The following RACF statements are needed for IDB2:
RDEFINE APPL DB2TOOLS UACC(NONE) <== define the DB2TOOLS application
SETROPTS CLASSACT(APPL) <== activate the APPL class
SETROPTS GENERIC(PTKTDATA) <== specify this command if you want to implement a generic user ID
SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA) <== activate the PassTicket class if currently not active
RDEFINE PTKTDATA DB2TOOLS SSIGNON(KEYMASKED(<xxxxxxxxxxxxxxxx>)) <== define profiles for the applications and specify an encryption
key (KEYMASKED). Replace <xxxxxxxxxxxxxxxx> with 16 hex digits of your choosing. Each application key must be the same on all systems in the configuration and the values must be secret.
RDEFINE PTKTDATA IRRPTAUTH.DB2TOOLS.* OWNER(userid) UACC(NONE) <== designate no universal access, so that explicit permissions must be granted to individual users
PERMIT IRRPTAUTH.DB2TOOLS.* ID(userid) CLASS(PTKTDATA) ACCESS(UPDATE) <== grant update access to user id
RALTER PTKTDATA DB2TOOLS APPLDATA('NO REPLAY PROTECTION') <== bypass PassTicket replay protection when the threat of PassTicket replay is not a security concern
PERMIT DB2TOOLS CLASS(APPL) ID(userid) <== permit access to the DB2TOOLS application for each CA SYSVIEW for DB2 component user that
is permitted to access the component data from SYSVIEW for DB2 using Xnet
--
Also, if the XNET STC user ID is not a logon-able ID, it is recommended to specify NOOPSPTCKT or supply a TSO ID that has an
associated password and specify it with the parm OPSPTCKTID(tso id) in the PXNPARM member used by the XNET task.
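
An added example, not part of the original article or the product: a small Python check to run over a file of the RACF statements above before they are submitted. It flags a KEYMASKED value that is not 16 hex digits or has little variety, a profile defined with UACC other than NONE, disabled replay protection, and a PERMIT to ID(*). The key, the user IDs XNETADM and XNETSTC, and the distinct-digit threshold are constructed assumptions.

```python
import re

# Constructed sample: the article's statements with a made-up key and user IDs,
# and UACC(READ) on the IRRPTAUTH profile so that the check has something to flag.
SAMPLE = """\
RDEFINE APPL DB2TOOLS UACC(NONE)
SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)
RDEFINE PTKTDATA DB2TOOLS SSIGNON(KEYMASKED(0000000000000000))
RDEFINE PTKTDATA IRRPTAUTH.DB2TOOLS.* OWNER(XNETADM) UACC(READ)
PERMIT IRRPTAUTH.DB2TOOLS.* ID(XNETSTC) CLASS(PTKTDATA) ACCESS(UPDATE)
RALTER PTKTDATA DB2TOOLS APPLDATA('NO REPLAY PROTECTION')
PERMIT DB2TOOLS CLASS(APPL) ID(XNETSTC)
"""

def audit(commands: str) -> list[str]:
    """Return one finding per risky setting in a list of RACF statements."""
    findings = []
    for n, line in enumerate(commands.splitlines(), 1):
        cmd = line.strip()
        if not cmd:
            continue
        verb = cmd.split()[0].upper()
        key = re.search(r"KEYMASKED\(([^)]*)\)", cmd, re.I)
        if key:
            value = key.group(1)
            if not re.fullmatch(r"[0-9A-Fa-f]{16}", value):
                # Also catches a placeholder left in from the article.
                findings.append(f"line {n}: KEYMASKED value is not 16 hex digits")
            elif len(set(value.upper())) < 6:  # heuristic threshold (assumption)
                findings.append(f"line {n}: KEYMASKED key has few distinct digits")
        uacc = re.search(r"\bUACC\((\w+)\)", cmd, re.I)
        if verb in ("RDEFINE", "RALTER") and uacc and uacc.group(1).upper() != "NONE":
            findings.append(f"line {n}: UACC({uacc.group(1)}) grants universal "
                            "access; the article uses UACC(NONE)")
        if re.search(r"NO\s+REPLAY\s+PROTECTION", cmd, re.I):
            findings.append(f"line {n}: PassTicket replay protection is disabled; "
                            "confirm replay is not a concern")
        if verb == "PERMIT" and re.search(r"\bID\([^)]*\*[^)]*\)", cmd, re.I):
            findings.append(f"line {n}: PERMIT to ID(*) instead of named user IDs")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```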