Planning RACF security for Db2

The most significant part of the planning process is planning to expand RACF protection and administration to Db2 subsystem resources.

Plan to cover the following tasks.

1. Examining the current RACF environment, including the user group structure, resource naming conventions, and use of grouping classes.
2. Examining the Db2 objects, looking for naming conventions and other similarities in resource names that you can exploit with generic RACF profiles.
3. Examining the GRANT authorizations in place for Db2 objects to see which RACF user groups you can define, or exploit, to reduce the RACF authorizations you must create using the RACF PERMIT command.
4. Planning which Db2 objects and administrative authorities to protect, determining access requirements, and incorporating the new subsystem resources into the current RACF structure.
5. Considering the use of RACF variables to facilitate resource naming conventions for Db2 resources.
6. Integrating new Db2 users into the RACF user structure and delegating RACF group and class authorities.