Security in CICS-DB2 with RACF



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Security in CICS-DB2 with RACF

Postby AllardK » Tue Apr 28, 2020 5:35 pm

Hello,

als an newbie I am teaching myself the mainframe-tools. I have written CICS-COBOl-DB2 programs and the JCL to compile them. The transactions are defined and installed in CICS and work fine. The CICS-DB2 attachement facility DB2CONN is also defined.
The transactions work fine. As long as I dont use RACF.

Now I am teaching myself RACF. Security is set to YES in the SIT.
- Users are defined in RACF, and can logon in CICS using CESN.
- Transactions are defined in RACF.
- Users are authorised to use the transactions and that works well also.

Except when DB2 is adressed. The only thing that does nog work is the DB2CONN. It will not install becauso of a security problem.

- If I define DB2CONN=YES in the SIT I get this security error during CICS startup
- If I login als user with SPECIAL authority and try to install the DB2CON definition using CEDA I also get the security error.

I just don’t now how to define the DB2CON-resource in RACF and give the right user-id (START2, CICSUSER, IBMUSER?) auhority to perform the install of the DB2CONN, either during CICS startup (which I prefer) of using CEDA als CICS-usser.

Can anybody help?

Thanks in advance!
AllardK
 
Posts: 17
Joined: Tue Apr 28, 2020 4:27 pm
Has thanked: 5 times
Been thanked: 0 time

Re: Security in CICS-DB2 with RACF

Postby enrico-sorichetti » Tue Apr 28, 2020 7:41 pm

did You perform all the cics db2 preparation steps

the steps for db2 11 are described here
https://www.ibm.com/support/knowledgece ... rview.html

something similar is available for the db2 version You are using

goole with something along the lines of "racf db2 security setup"
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
enrico-sorichetti
Global moderator
 
Posts: 3006
Joined: Fri Apr 18, 2008 11:25 pm
Has thanked: 0 time
Been thanked: 165 times

Re: Security in CICS-DB2 with RACF

Postby AllardK » Tue Apr 28, 2020 9:22 pm

Hello Enrico,

thanks for the quick reply.

I dont want to use RACF on DB2 but only secure CICS. The security problem that I have is with DB2CONN which is a CICS object and is under control of CICS and RACF.

Kind regards

Allard
AllardK
 
Posts: 17
Joined: Tue Apr 28, 2020 4:27 pm
Has thanked: 5 times
Been thanked: 0 time


Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post