Does TSSDB2 make use of either of the two settings for AUTHEXIT_CHECK?   (PRIMARY or, DB2)

If so,  how does the setting AUTHEXIT_CHECK=DB2  work? 

Release : 16.0

Component : CA Top Secret Option for DB2

The AUTHCHECK_EXIT parameter was introduced with DB2 v11. 

The parameter is supported by CA Top Secret for DB2.  As it is implemented by IBM, the setting of the parameter determines what user(ACEE) is passed to the security exit for resource validation checks. 

Top Secret for DB2 will use whichever ID IBM passes for validation. 

Thus, AUTHEXIT_CHECK=DB2 will cause the DB2 OWNER for a plan or package to be used to validate accesses because that is the id that will be passed.