Migration step 15: Define user authorization exit routines: DSNTIJEX (optional)

Start of changeYou can use job DSNTIJEX to define user authorization exit routines. If you did not run job DSNTIJEX in the release from which you are migrating, you can skip this step.End of change

About this task

Job DSNTIJEX builds sample authorization exit routines from the source code in prefix.SDSNSAMP. These sample authorization exit routines are DSN3@SGN and DSN3@ATH, and the user version of the access control authorization exit routine DSNX@XAC. DSNTIJEX then places the exit routines in the prefix.SDSNEXIT library.

Job DSNTIJEX includes a step to assemble and link-edit the sample version of DSNACICX, which you can use to modify CICS® parameters that the DSNACICS caller specifies. You can modify the access control authorization exit routine DSNX@XAC and use DSNTIJEX to assemble and link-edit it. This exit routine allows you to bypass some or most of DB2® authorization checking and to specify your own authorization checking. The DB2 CLIST tailors the JCL in DSNTIJEX to meet the requirements of your site.

The sample authorization exit routines are not the same as the default authorization exit routines that are supplied by DB2. By implementing the sample authorization exit routines, you can provide group names as secondary authorization IDs.

You have the following options regarding exit routines:

  • To use the default authorizations, skip job DSNTIJEX.
  • To use the sample authorization exit routines, run job DSNTIJEX.
  • To use your own authorization exit routines, modify job DSNTIJEX to reference the correct library, and then run it.

Procedure

If you choose to run job DSNTIJEX:

  1. Make the following optional adjustments to DSNTIJEX if they apply to your site:
    • DSNXSXAC is a copy of the default access control authorization exit routine that you can modify. This exit routine allows you to bypass some or most of DB2 authorization checking and to specify your own authorization checking. If you do not change the exit routine, you should delete this step.
    • DSNACICS is a stored procedure that invokes user exit routine DSNACICX, which you can use to modify CICS parameters that the DSNACICS caller specifies. If you do not need to modify the caller's parameter values, you can use the default DSNACICX exit routine. However, if you need to modify the caller's parameter values, you need to perform the following tasks:
      1. Write a user exit routine in assembler, COBOL, C, or PL/I
      2. Assemble or compile the source code
      3. Link-edit the object code into the DB2 exit routine library
      Installation job DSNTIJEX includes a step to assemble and link-edit the sample version of DSNACICX. You can use this step as a model for your program preparation job.
    • If you will use the RACF/DB2 external security module (DSNXRXAC) as your DB2 access control authorization exit, modify job DSNTIJEX to refer to DSNXRXAC instead of DSNXSXAC.
  2. Run job DSNTIJEX.

    If job DSNTIJEX runs successfully, it produces a return code of 0 or 4.

    If job DSNTIJEX fails or abends, correct the problem, and rerun the job.