How to setup DB2 to use Top secret as an external security?
search cancel

How to setup DB2 to use Top secret as an external security?


Article ID: 209887


Updated On:


Top Secret


Currently DB2 native grants / revokes are in use for controlling access to DB2 objects.

In order to use top secret as external security, what are the setup requirements in DB2 so that Top Secret can managing DB2 object level access? 


Is an assemble and link edit of DSN@XAC with any CA Top Secret module required? 





Release : 16.0

Component : CA Top Secret Option for DB2


A Link Edit of CADB2XAC Exit

Run the DB13XAC job from the sample JCL library. 
This job link edits the CADB2XAC exit module into an installation 
defined SDSNEXIT library with the name DSNX@XAC, replacing 
the existing version of that module.

Important! Include this library in the concatenation only for 
DB2 subsystems that will be running CA Top Secret Option for DB2.

The CADB2XAC exit module has two functions:
■ Implementation of  CA Technologies supplied version of DSNX@XAC 
notifies the DB2 subsystem that external security will be implemented in this subsystem.
■ The DB2 subsystem is instructed to abend if it receives a security call other than through 
the CA Top Secret Option for DB2 external security interface. 

These instructions help ensure that the subsystem does not start without proper CA ENF 
for DB2 initialization.