On 28-Sep-2015 09:06 -0600, Justin Taylor wrote:
I think this IBM doc relates to my problem:
"Job Control Required To Set Query Timeout Limit With Database Host
Server"
[https://www-304.ibm.com/support/entdocview.wss?uid=nas8N1012740]
Reference #: N1012740 Historical Number: 536538849
My apps have been setting the query time-out since 2008. I'm not
sure why the AF entries just started appearing recently.
Perhaps "Application Administration" changes? For reference:
[
http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahf/rzahfauthopt.htm]
_Authority Options for SQL Analysis and Tuning_
"This topic describes the authority options for SQL analysis and tuning.
DB2® for i has a rich set of commands, stored procedures, APIs and tools
for analysis and tuning of the performance aspects of database
applications. Previously, a system security officer would need to grant
*JOBCTL user special authority to enable database analysts and database
administrators to use the database tools. Since *JOBCTL authority allows
a user to change many system critical settings that are unrelated to
database activity, it was not an easy decision for security officers to
grant this authority. In some cases, it was an easy decision and *JOBCTL
was not granted to database analysts, thus prohibiting the use of the
full set of database tools.
Note: For more information about setting overrides for the QAQQINI file
refer to the following link: QAQQINI file override support.
Now the security officer has additional capability to authorize access
to database analysis tools and the SQL Plan Cache. DB2 for i which takes
advantage of the function usage capability available in the operating
system. A new function usage group called QIBM_DB has been created with
two function IDs in the QIBM_DB group:
1. QIBM_DB_SQLADM (IBM i Database Administrator tasks)
2. QIBM_DB_SYSMON (IBM i Database Information tasks)
The security officer now has flexibility to grant authorities by either;
granting *JOBCTL special authority or authorizing a user or group to the
IBM i Database Administrator Function through Application Administration
in System i® Navigator of IBM® Navigator for i. The Change Function
Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SQLADM, can
also be used to change the list of users that are allowed to perform
Database Administration operations. The function usage controls allow
groups or specific users to be allowed or denied authority. The
CHGFCNUSG command also provides a parameter which can be used to grant
function usage authority to any user that has *ALLOBJ user special
authority. (e.g. ALLOBJAUT(*USED))
The *Database Administrator* function is needed whenever a user is
analyzing and viewing SQL performance data. Some of the more common
functions are displaying statements from the SQL Plan Cache, analyzing
SQL Performance Monitors and SQL Plan Cache Snapshots, and displaying
the SQL details of a job other than your own.
The database administrator function usage is an alternative to granting
*JOBCTL, but it does not replace the requirement of having the correct
object authority. To enable database administrator tasks which are
unrelated to performance analysis, refer to the specific task for
details on the authorization requirements. For example, to allow an
administrator to reorganize a table, they must have object authorities
granted, which are not covered by QIBM_DB_SQLADM.
In addition to QIBM_DB_SQLADM, the Change Function Usage (CHGFCNUSG)
command, with a function ID of QIBM_DB_SYSMON, can also be used to
change the list of users that are allowed to perform Database
Information operations.
..."
midrange.com
