Db2 for z/OS and its ecosystem

More flexibility for using trusted contexts in Db2 13 for z/OS

By Paul McWilliams posted Fri September 19, 2025 01:34 PM

  
By Gayathiri Chandran and Paul McWilliams

In Db2 for z/OS, trusted contexts provide better access control based on connection attributes like IP address, encryption, and user identity. Trusted contexts also let you assign role-based access dynamically depending on how a user connects—making it easier to enforce security policies across diverse environments, from local batch jobs to cloud-based applications. 

Each trusted context is an independent database entity that enables the following capabilities for Db2 servers:

  • Require that connections be established from trusted environments.
  • Let external entities connect by using established connections, which makes it optional to authenticate each user separately at the server and enhances user accountability at the server.
  • Let authorization IDs acquire role-based privileges within a trusted context that are otherwise unavailable to them.

Now in Db2 13 for z/OS function level V13R1M100 or higher, three recent new-function APARs are available that provide increased flexibility for using trusted contexts:

IPv4 and IPv6 Subnet Support for the ADDRESS Attribute – APAR PH64533 (April 2025)

This APAR enhances the ADDRESS attribute in trusted context definitions by allowing IPv4 and IPv6 subnet addresses, in addition to individual IPs and domain names. This is particularly useful for organizations managing access from cloud-based clients or segmented networks, where IP ranges are dynamic but fall within known subnets, enabling more granular and flexible control over trusted connections. 
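
As an added illustration (not code from this post, IBM, or Db2), the following Python sketch reviews a list of candidate ADDRESS values before they go into a trusted context definition: it flags very wide subnets, subnets written with host bits set, and entries already covered by an earlier entry, and it reports which entries would cover a given client IP. It assumes subnets are written in CIDR notation, which the post does not specify; the function names, prefix-length thresholds, and sample values are constructed for the example, and it does not model how Db2 itself evaluates the attribute.

```python
import ipaddress

# Constructed sample ADDRESS values (documentation ranges), not from the page.
SAMPLE_ADDRESSES = [
    "198.51.100.17",        # individual IPv4 address
    "192.0.2.0/24",         # IPv4 subnet
    "10.0.0.0/8",           # very wide IPv4 subnet
    "203.0.113.9/28",       # host address written with a prefix length
    "2001:db8:10::/48",     # IPv6 subnet
    "appgw.example.com",    # domain name
    "192.0.2.128/25",       # already covered by 192.0.2.0/24
]


def parse_entry(value):
    """Return (kind, network); network is None for a domain name."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return "domain", None  # names are not resolved in this sketch
    return ("subnet" if "/" in value else "ip"), net


def review(entries, min_prefix_v4=16, min_prefix_v6=48):
    """List (finding, value) pairs worth a second look before deployment."""
    findings, seen = [], []
    for value in entries:
        kind, net = parse_entry(value)
        if net is None:
            continue
        if kind == "subnet":
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:  # hypothetical policy threshold
                findings.append(("broad", value))
            if ipaddress.ip_address(value.split("/")[0]) != net.network_address:
                findings.append(("host-bits", value))
        if any(net.version == o.version and net.overlaps(o) for o in seen):
            findings.append(("overlap", value))
        seen.append(net)
    return findings


def admitting(entries, client_ip):
    """Return the entries whose IP or subnet covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    nets = ((v, parse_entry(v)[1]) for v in entries)
    return [v for v, net in nets if net is not None and ip in net]
```

Calling `review(SAMPLE_ADDRESSES)` lists the entries to revisit, and `admitting(SAMPLE_ADDRESSES, "192.0.2.200")` shows every entry that would cover that client address.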

Trusted Contexts for Both Local and Remote Connections – APAR PH65634 (May 2025)

With this APAR, Db2 now supports defining trusted contexts that apply to both local and remote connections. Before this APAR, each trusted context had to be limited to either local (such as TSO and batch) or remote (such as JDBC and ODBC) connections. This update removes that restriction, allowing a single trusted context to span multiple connection types, simplifying configuration and enhancing consistency in access control. 

RACF Group Support in SYSTEM AUTHID Clause – APAR PH64219 (July 2025)

This APAR introduces the ability to specify secondary authorization IDs, such as RACF groups, in the SYSTEM AUTHID clause when creating or altering a trusted context. Previously, each trusted context required a unique system authorization ID. With this enhancement, multiple trusted contexts can now be associated with a single primary ID via different RACF groups, improving scalability and manageability. 

Conclusion

These enhancements make trusted contexts more powerful and adaptable—helping Db2 for z/OS customers meet modern security demands with less complexity and greater control.
