A useful tip for all you DB2 z/OS types
Author: James Gill Get free access to the entire library
Don't have an account?
When you use stored procedures that have a USS component or function embedded, you have to start using the RACF PROGRAM class to ensure that module access is controlled and the environment is allowed to run. The problem with this is that the class references the dataset that the module is loaded from, and if you create a new dataset with each new maintenance level of DB2 (and access these through aliases), then you need to update the PROGRAM entities with each maintenance rollout.
There is an alternative approach, which is to bypass the module access checking from USS for non-USS datasets (regular load libraries). Whilst this approach reduces the security for these modules, access to the profile that allows this is controlled. It can be implemented like this:
RDEFINE FACILITY BPX.DAEMON.HFSCTL UACC(NONE) OWNER(IBMUSER)
PERMIT BPX.DAEMON.HFSCTL CLASS(FACILITY) ID(someid) ACCESS(READ)
Where someid is the userid used to run the WLM managed stored procedure address spaces.
If you have any questions or comments about this knowledge base article then please use the contact us form to get in touch