4.1 Previous DB2 versions Prior to DB2 Version 5 and OS/390 V2R4, only the DB2 native security mechanisms of GRANT and REVOKE could be used to control access to DB2 objects such as tables, views, and databases. DB2 administrators were also required to be security administrators, and in an effort to centralize the security administrative tasks, a dummy exit point was introduced with DB2 V5 that offered the ability to move some of the administrative tasks to RACF. In order to take advantage of RACF, it was necessary to replace this dummy exit point with the RACF DB2 external security module, which was provided as a sample assembler language routine in SYS1.SAMPLIB(IRR@XACS). Once the exit was installed it was called whenever access control decisions were needed for integrated DB2 processing with RACF security. DB2 V9 The IRR@XACS exit is no longer shipped with RACF in SYS1.SAMPLIB. It has changed substantially and is now shipped with DB2 as FMID HDRE810. As a result of this the previous exit is no longer usable with DB2 V9. If you have the RACF/DB2 external security module installed it will be necessary to migrate to the new RACF access control module for DB2 V9. 4.1.1 Security implementation Implementing the RACF access control module involves the interaction of RACF, DB2, and z/OS system software, each with its own required skills. It is important to get the correct system programmers together for the planning and implementation of the RACF access control module.