Trusted Contexts (DB2)

Using a trusted context in an application can improve security by placing accountability at the middle tier, reducing over-granting of privileges, and enabling auditing of end users' activities.

Trusted contexts are supported for DB2 for z/OS v9.x and higher and DB2 for Common Server v9.5 and higher. PowerDesigner models trusted contexts as extended objects with a stereotype of <<TrustedContext>>.

Creating a Trusted Context

You can create a trusted context in any of the following ways:

  • Select Model > Trusted Contexts to access the List of Trusted Contexts, and click the Add a Row tool.

  • Right-click the model (or a package) in the Browser, and select New > Trusted Context.

Trusted Context Properties

You can modify an object's properties from its property sheet. To open a trusted context property sheet, double-click its Browser entry in the Trusted Contexts folder.

The following extended attributes are available on the DB2 tab:

| Name | Description |
|---|---|
| Enable | Specifies that the trusted context is created in the enabled state. Scripting name: Enable |
| Authorization | Specifies that the context is a connection that is established by the authorization ID that is specified by authorization-name. Scripting name: Authorization |
| Default role | Specifies the default role that is assigned to a user in a trusted connection when the user does not have a role in the trusted context. If empty, then No Default Role is assumed. Scripting name: DefaultRole |
| As object owner | [DB2 for z/OS only] Specifies that the role is treated as the owner of the objects that are created using a trusted connection based on the trusted context. Scripting name: WithRoleAsObjectOwner |
| Default security label | [DB2 for z/OS only] Specifies the default security label for a trusted connection based on the trusted context. Scripting name: DefaultSecurityLabel |
| Attributes | Specifies one or more connection trust attributes that are used to define the trusted context. Scripting name: Attributes |
| With use for | Specifies who can use a trusted connection that is based on the trusted context. Scripting name: WithUseFor |
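
The following added example, which is not taken from the PowerDesigner documentation, shows how the properties above correspond to clauses of the DB2 CREATE TRUSTED CONTEXT statement, with an over-broad definition beside a least-privilege one. It assumes DB2 for Linux, UNIX and Windows syntax; the table, roles, authorization IDs and address are constructed for illustration.

```sql
-- Constructed names: ORDERS (table), APPSVR (middle-tier system authid),
-- ORDERS_READER / ORDERS_CLERK (roles), ALICE / BOB (end users),
-- 192.0.2.10 (documentation-range address of the application server).
CREATE TABLE ORDERS (ID INTEGER NOT NULL PRIMARY KEY, ITEM VARCHAR(40));

-- Privileges go to roles, not to APPSVR, so they are only usable
-- inside a trusted connection that assigns the role.
CREATE ROLE ORDERS_READER;
CREATE ROLE ORDERS_CLERK;
GRANT SELECT ON TABLE ORDERS TO ROLE ORDERS_READER;
GRANT SELECT, INSERT, UPDATE ON TABLE ORDERS TO ROLE ORDERS_CLERK;

-- Over-broad definition: the connection may be switched to ANY
-- authorization ID without that user's credentials, every switched
-- user inherits the write-capable default role, and no encryption
-- requirement is placed on the connection.
CREATE TRUSTED CONTEXT ORDERS_CTX_BROAD
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSVR
  ATTRIBUTES (ADDRESS '192.0.2.10')
  DEFAULT ROLE ORDERS_CLERK
  ENABLE
  WITH USE FOR PUBLIC WITHOUT AUTHENTICATION;

-- A system authid can belong to only one trusted context, so the
-- broad definition is dropped before the tighter one is created.
DROP TRUSTED CONTEXT ORDERS_CTX_BROAD;

-- Least-privilege definition, annotated with the property-sheet names.
CREATE TRUSTED CONTEXT ORDERS_CTX
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSVR          -- Authorization
  ATTRIBUTES (ADDRESS '192.0.2.10', ENCRYPTION 'HIGH')      -- Attributes
  NO DEFAULT ROLE                                           -- Default role (empty)
  ENABLE                                                    -- Enable
  WITH USE FOR ALICE ROLE ORDERS_CLERK  WITH AUTHENTICATION, -- With use for
               BOB   ROLE ORDERS_READER WITH AUTHENTICATION;

-- DB2 for z/OS only (not valid in the statement above): the
-- "As object owner" and "Default security label" properties map to
-- DEFAULT ROLE <role> WITH ROLE AS OBJECT OWNER and
-- DEFAULT SECURITY LABEL <label>.
```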