If running the ACF2/DB2 option for DB2 security are TYPE(SAF) resource DSNR rules needed?

Release : 16.0

Component : ACF2 Option for Db2

This is related to DSNR resource class validations and it's relationship to the ACF2/DB2 option. 

For subsystems using the ACF2/DB2 Option, the use of the DSNR resource class(which defaults to TYPE(SAF)) might be unnecessary because you can use ACF2/DB2 rule sets to control access to DB2 resources and use the $SYSID control statement to determine which DB2 subsystems a user uses to access a DB2 resource. Sites that are running the ACF2/DB2 can either write resource rules for the DSNR resource class to provide additional security to control access to to DB2 from other environments(as described above) or write a RESOURCE class DSNR rule to allow all users access and rely on ACF2/DB2 security  to control access to DB2 resources.