search cancel

Does Top Secret for DB2 use the ZPARM AUTHEXIT_CHECK?


Article ID: 213252


Updated On:


Top Secret


Does TSSDB2 make use of either of the two settings for AUTHEXIT_CHECK?   (PRIMARY or, DB2)

If so,  how does the setting AUTHEXIT_CHECK=DB2  work? 


Release : 16.0

Component : CA Top Secret Option for DB2


The AUTHCHECK_EXIT parameter was introduced with DB2 v11. 

The parameter is supported by CA Top Secret for DB2.  As it is implemented by IBM, the setting of the parameter determines what user(ACEE) is passed to the security exit for resource validation checks. 

Top Secret for DB2 will use whichever ID IBM passes for validation. 

Thus, AUTHEXIT_CHECK=DB2 will cause the DB2 OWNER for a plan or package to be used to validate accesses because that is the id that will be passed.