Does Top Secret for DB2 use the ZPARM AUTHEXIT_CHECK?

book

Article ID: 213252

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Does TSSDB2 make use of either of the two settings for AUTHEXIT_CHECK?   (PRIMARY or, DB2)

If so,  how does the setting AUTHEXIT_CHECK=DB2  work? 

Environment

Release : 16.0

Component : CA Top Secret Option for DB2

Resolution

The AUTHCHECK_EXIT parameter was introduced with DB2 v11. 

The parameter is supported by CA Top Secret for DB2.  As it is implemented by IBM, the setting of the parameter determines what user(ACEE) is passed to the security exit for resource validation checks. 

Top Secret for DB2 will use whichever ID IBM passes for validation. 

Thus, AUTHEXIT_CHECK=DB2 will cause the DB2 OWNER for a plan or package to be used to validate accesses because that is the id that will be passed.