On 28-Sep-2015 09:06 -0600, Justin Taylor wrote:
I think this IBM doc relates to my problem:
"Job Control Required To Set Query Timeout Limit With Database Host
Server"
[https://www-304.ibm.com/support/entdocview.wss?uid=nas8N1012740]
Reference #: N1012740 Historical Number: 536538849

My apps have been setting the query time-out since 2008. I'm not
sure why the AF entries just started appearing recently.

Perhaps "Application Administration" changes? For reference:

[http://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzahf/rzahfauthopt.htm]
_Authority Options for SQL Analysis and Tuning_
"This topic describes the authority options for SQL analysis and tuning.

DB2® for i has a rich set of commands, stored procedures, APIs and tools for analysis and tuning of the performance aspects of database applications. Previously, a system security officer would need to grant *JOBCTL user special authority to enable database analysts and database administrators to use the database tools. Since *JOBCTL authority allows a user to change many system critical settings that are unrelated to database activity, it was not an easy decision for security officers to grant this authority. In some cases, it was an easy decision and *JOBCTL was not granted to database analysts, thus prohibiting the use of the full set of database tools.

Note: For more information about setting overrides for the QAQQINI file refer to the following link: QAQQINI file override support.

Now the security officer has additional capability to authorize access to database analysis tools and the SQL Plan Cache. DB2 for i which takes advantage of the function usage capability available in the operating system. A new function usage group called QIBM_DB has been created with two function IDs in the QIBM_DB group:

1. QIBM_DB_SQLADM (IBM i Database Administrator tasks)
2. QIBM_DB_SYSMON (IBM i Database Information tasks)

The security officer now has flexibility to grant authorities by either; granting *JOBCTL special authority or authorizing a user or group to the IBM i Database Administrator Function through Application Administration in System i® Navigator of IBM® Navigator for i. The Change Function Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SQLADM, can also be used to change the list of users that are allowed to perform Database Administration operations. The function usage controls allow groups or specific users to be allowed or denied authority. The CHGFCNUSG command also provides a parameter which can be used to grant function usage authority to any user that has *ALLOBJ user special authority. (e.g. ALLOBJAUT(*USED))

The *Database Administrator* function is needed whenever a user is analyzing and viewing SQL performance data. Some of the more common functions are displaying statements from the SQL Plan Cache, analyzing SQL Performance Monitors and SQL Plan Cache Snapshots, and displaying the SQL details of a job other than your own.

The database administrator function usage is an alternative to granting *JOBCTL, but it does not replace the requirement of having the correct object authority. To enable database administrator tasks which are unrelated to performance analysis, refer to the specific task for details on the authorization requirements. For example, to allow an administrator to reorganize a table, they must have object authorities granted, which are not covered by QIBM_DB_SQLADM.

In addition to QIBM_DB_SQLADM, the Change Function Usage (CHGFCNUSG) command, with a function ID of QIBM_DB_SYSMON, can also be used to change the list of users that are allowed to perform Database Information operations.
..."


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].