The base TSS doesn’t protect any of the DB2 resources without the TSS for DB2 product. There are 2 ways to secure DB2:
1)Native DB2 security. The DBA issues grants to the objects to give people access.
2)TSS for DB2, which is designed to mimic native DB2 security, but it gives control of the security to the security administrator (taking it away from the DBA). The base TSS is needed for the ADDs and PERMITs of the DB2 resources and for responding to the security calls saying access allowed, access denied, or resource not defined to security.
The base TSS documentation has the DB2 resources in there because ADDs and PERMITs for those resources are handled in the base TSS (not TSS for DB2).