Authorization of REST service users

You can use a Db2 REST profile in the RACF® DSNR resource class to manage a user's access to the Db2 REST service APIs.

To authorize access, issue the RACF RDEFINE command to define a Db2 REST protected access profile in an active DSNR resource class. A REST protected access profile has a name in the form of subsystem.environment, where subsystem is the name of a Db2 subsystem and environment denotes the REST environment. For example, you can issue the following command to define profile DB2T.REST for subsystem DB2T with a universal access authority of NONE:

RDEFINE DSNR (DB2T.REST) OWNER(DB2OWNER) UACC(NONE)

You can then issue the RACF PERMIT command to give users access to profile DB2T.REST. For example, you can issue the following command to authorize user DB2USER1 access to profile DB2T.REST:

PERMIT DB2T.REST CLASS(DSNR) ID(DB2USER1)  ACCESS(READ)

Db2USER1 can now access Db2 by using Db2 REST service APIs.