Creating local trusted connections

When you attempt to create a local trusted connection, Db2 searches for a trusted context that matches the primary authorization ID or one of the secondary authorization IDs and the job or started task name that you supply. If Db2 finds a matching trusted context, Db2 checks if the DEFAULT SECURITY LABEL attribute is defined in the trusted context.

If the DEFAULT SECURITY LABEL attribute is defined with a security label, Db2 verifies the security label with RACF®. This security label is used for multilevel security verification for the system authorization ID. If verification is successful, the connection is established as trusted. If the verification is not successful, the connection is established as a normal connection without any additional privileges.

In addition, the Db2 online utilities can run in a trusted connection if a matching trusted context is defined, if the primary authorization ID or one of the secondary authorization IDs matches the SYSTEM AUTHID value of the trusted context, and if the job name matches the JOBNAME attribute defined for the trusted context.