Currently DB2 native grants / revokes are in use for controlling access to DB2 objects.

In order to use top secret as external security, what are the setup requirements in DB2 so that Top Secret can managing DB2 object level access? 

Is an assemble and link edit of DSN@XAC with any CA Top Secret module required? 

• Release : 16.0
• Component : CA Top Secret Option for DB2

A Link Edit of CADB2XAC Exit

1. Run the DB13XAC job from the sample JCL library.
2. This job link edits the CADB2XAC exit module into an installation defined SDSNEXIT library with the name DSNX@XAC, replacing the existing version of that module.

Important! Include this library in the concatenation only for DB2 subsystems that will be running CA Top Secret Option for DB2.

The CADB2XAC exit module has two functions:

• Implementation of Broadcom supplied version of DSNX@XAC notifies the DB2 subsystem that external security will be implemented in this subsystem.
• The DB2 subsystem is instructed to abend if it receives a security call other than through the CA Top Secret Option for DB2 external security interface. 

These instructions help ensure that the subsystem does not start without proper CA ENF for DB2 initialization.