I wanted a drop in solution with just RACF & DB2 commands. Doesn't look like it exists.
On Sun, 23 Nov 2025 23:10:10 -0600 Jon Perryman <[email protected]> wrote: :>On Mon, 24 Nov 2025 00:40:47 +0200, Binyamin Dissen <[email protected]> wrote: :>>DB2 query - is there a way to give a specific permission for a user to SET :>>CURRENT SQLID to another user without special privileges? Something thru the :>>surrogate class? :>I researched (never implemented) this for a project and found that DB2 secondary authorization id's are implemented through a DB2 user exit. Maybe someone has used it but if not, the doc is https://www.ibm.com/docs/en/db2-for-zos/13.0.0?topic=applications-using-secondary-ids-sign-requests :>I suspect you could implement it using SUROGAT but I suspect there must be a reason why IBM chose RACF groups. Hopefully someone has some real experience. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
