Initialization


To indicate the function to be performed, Db2 passes one of three function codes to the RACF access control module for initialization, authorization checking, or termination. For general information about initialization and termination, see Managing security with the RACF access control module.

Any Db2 classes you want to use must be active during RACF access control module initialization (XAPLFUNC=1). You cannot activate a Db2 class later and expect the RACF access control module to perform authorization checking against it, because the class will not be RACLISTed. RACLISTing is only done during initialization of the RACF access control module.

To start using Db2 classes that were not previously RACLISTed during initialization, you must stop and restart Db2.

Once the Db2 subsystem has initialized, the following command must be issued to put profile changes into effect for classes being used by the RACF access control module:
SETROPTS RACLIST(classname) REFRESH
The following informational messages are issued for each initialization: IRR908I, IRR909I, IRR910I, and IRR911I.
Note: The classes listed in message IRR911I might be a valid subset of the classes listed in message IRR910I. The RACF access control module is programmed to RACLIST all supported Db2 classes. Message IRR910I lists the Db2 classes for which the RACF access control module has initiated RACLIST. However, message IRR911I lists only the Db2 classes that were successfully RACLISTed. In order to be successfully RACLISTed, a Db2 class must be active and contain at least one profile. Therefore, there are valid circumstances where the list of classes contained in IRR911I will be a subset of those listed in IRR910I.
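The comparison described in the note can be automated when reviewing a system log after a Db2 start. The following Python script is an added example, not IBM code: it reports, for each initialization, the classes named in IRR910I that are missing from IRR911I. The layout of the message lines (class names after a colon, between "|" marks, with continuation lines repeating the message ID), the sample class names, and the function names are assumptions made for this example.

```python
import re

# Constructed sample log. Only the message IDs come from the page; the text
# layout and the class names are assumptions made for this example.
SAMPLE_LOG = """\
IRR908I (text omitted)
IRR910I INITIATED RACLIST FOR CLASSES: | DSNADM MDSNDB MDSNTB MDSNPK |
IRR911I SUCCESSFULLY RACLISTED CLASSES: | DSNADM MDSNDB |
IRR908I (text omitted)
IRR910I INITIATED RACLIST FOR CLASSES: | DSNADM MDSNDB
IRR910I MDSNTB MDSNPK |
IRR911I SUCCESSFULLY RACLISTED CLASSES: | DSNADM MDSNDB MDSNTB MDSNPK |
"""

# Matches the two messages of interest anywhere in a line, so leading
# timestamps or job identifiers do not matter.
MSG = re.compile(r"\b(IRR910I|IRR911I)\b(.*)")


def class_names(text):
    """Class names on one message line: tokens after the last colon, '|' dropped."""
    return set(text.rsplit(":", 1)[-1].replace("|", " ").split())


def raclist_gaps(log):
    """For each initialization, list classes in IRR910I that IRR911I lacks."""
    runs = []  # one entry per initialization found in the log
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # IRR908I, IRR909I and unrelated lines are skipped
        msg_id, text = m.groups()
        # An IRR910I that follows an IRR911I starts the next initialization.
        if msg_id == "IRR910I" and (not runs or runs[-1]["IRR911I"] is not None):
            runs.append({"IRR910I": set(), "IRR911I": None})
        if not runs:
            continue  # IRR911I with no preceding IRR910I: nothing to compare
        run = runs[-1]
        if run[msg_id] is None:
            run[msg_id] = set()
        run[msg_id] |= class_names(text)
    return [sorted(r["IRR910I"] - (r["IRR911I"] or set())) for r in runs]


if __name__ == "__main__":
    for n, missing in enumerate(raclist_gaps(SAMPLE_LOG), start=1):
        print(f"initialization {n}: not RACLISTed: {missing or 'none'}")
```

A class that appears in the result was either not active or had no profiles at initialization, so the difference is expected only for classes you do not intend to use.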