I've been reading different articles and manuals in order to get myself acquainted with these new security enhancements.
The company that I work for is planning to implement them and, as the DBA and tech support person, I'm confused both about
how to implement it and if it fits our specific needs/environment.

We have a WAS application that connects to DB2 LUW and a whole user community spread in different user groups.
Up until now, we've implemented our security scheme thru GRANTs to LDAP user groups.
I was thinking that thru trusted contexts/roles we could minimize the need to change
authorizations within DB2 and limit the 'day to day' activities of user handling just to the LDAP user management.

I resist the idea of having me or the SECADM user group (Information Security dept) handling authorizations/grants
for hundreds of users within DB2 boundaries changing the authorized users allowed to use the newly defined
trusted contexts.

I wonder if I'm understanding the whole idea correctly.

Does anyone have any thoughts/ideas to share?

Thanks in advance!

Enrique Valdez