We are turning up DDF on our V6 DB2 UDB for OS/390 system to allow a Solaris application client access DB2 data. The install manual indicates that for DDF, we need to execute the following RACF command;
ADDUSER ddfuid OMVS(UID(0)) , where ddfuid represents
the MVS user ID associated with the DDF address space.
So I sent a memo to our RACF admin requesting the change and not sure what MVS user ID would be assocated with DDF.
Our RACF admin is now having a cow because DDF would have superuser authority, (UID=0). I've tried to explain that the RACF definition are coming from the DB2 install guide and that DDF also would be running as a STC, but he still has the following questions;
1)Does the user-id REALLY have to have superuser authority (UID of 0)?
2)Can we set up a non-privileged user with the appropriate access so that we do not have to grant superuser authority for this functionality to work correctly?
3)From a security stand point, we would prefer to use a non-privileged account with the appropriate access instead of giving superuser privileges.
If anyone can help with the questions, it would be greatly appreciated.
CSU.org (Colorado Springs Utilities)