Installing the RACF access control module

The RACF access control module is an assembler source module that resides in the DSNXRXAC member of the prefix.SDSNSAMP library. To install the RACF access control module for a DB2 subsystem, you will copy, customize as needed, assemble, and link edit the module into the DB2 exit library (prefix.SDSNEXIT).

You can modify the way the RACF access control module works by customizing several assembler SET symbols located in the top of the source data set. The default values for all customization options as shipped with the RACF access control module are shown in Choosing the RACF access control module customization options.

Multiple DB2 subsystems can share the same copy of the RACF access control module as long as they use the same customization options. When subsystems require different options, you must install additional copies of the RACF access control module. Be sure that you associate each module with the correct DB2 version.

After you install the RACF access control module, it will become active the next time the DB2 subsystem is restarted when at least one RACF class associated with the DB2 subsystem is active at the time of the restart. Before restarting DB2, be sure that your implementation team has already defined appropriate RACF resources in the active DB2 classes or else your installation might cause unintended DB2 authorization failures or exposures.