The DB2 connection definition command thread attribute descriptions are:
COMAUTHID is not suitable if you are using RACF for some or all of the security checking in your DB2 address space; use COMAUTHTYPE instead, with the USERID or GROUP options. This is because threads using a COMAUTHID do not pass the required RACF access control environment element (ACEE) to DB2. The ACEE is not required if you are only using DB2 internal security, so in this case, you can use COMAUTHID.
The ID that you specify can be up to eight characters in length.Acceptable characters:
Unless
you are using the CREATE command, any lowercase characters you enter are converted
to uppercase. |
If you are using RACF for some or all of the security checking in your DB2 address space, you need to use the USERID or GROUP options. This is because only threads defined with these options pass the required RACF access control environment element (ACEE) to DB2. The ACEE is not required if you are only using DB2 internal security, so in this case, you can use any of the options.
Acceptable characters:
Unless
you are using the CREATE command, any lowercase characters you enter are converted
to uppercase. |
IDs passed to DB2 | How DB2 interprets values |
---|---|
CICS sign-on user ID (USERID) | Represents the primary DB2 authorization ID. |
RACF connected group name | If the RACF list of group options is not active, DB2 uses the connected group name supplied by the CICS attachment facility as the secondary DB2 authorization ID. If the RACF list of group options is active, DB2 ignores the connected group name supplied by the CICS attachment facility, but the value appears in the DB2 list of secondary DB2 authorization IDs. |
To use the CGROUP option the CICS system must have SEC=YES specified in the CICS system initialization table (SIT).
If no RACF group ID is available for this USERID, an 8-character field of blanks is passed to DB2 as the group ID.
If a transaction is started (using a CICS command) and has no terminal associated with it, the COMAUTHTYPE(TERM) should not be used.