BMC Software, Inc., Confidential and Proprietary Information
5-6 Administrative Products for DB2 Installation Guide
Controlling Access
ALTER Execution Plans
The following plans are used by the Execution component.
AEX
vrm
AA—Execution Monitor Entry (Authorization)
EXECUTE authority on this plan allows users to execute a worklist. You
should, therefore, carefully consider who receives authorization to use this
plan.
AEX
vrm
AM—Execution Monitor
This plan does not control who has authorization to execute a worklist. It
does, however, provide users with the ability to attach to DB2 with alternate
authorization IDs for the
-AUTH commands. Because this plan does not affect
who can run Execution, you may grant
PUBLIC authority to this plan.
The execution plan contains some packages that use dynamic SQL. Some of
these packages will cause long-running SQL and may need to be added to
your RLST. The packages are described as follows:
• AEXAUNLD is the package that does the unload of data from tables.
• AEXSQLIO is the package that does all worklist
-SQL commands,
including deletions before a data-only migration
-LOAD.
• AEXESTDL is the package that does some of the restart logic before the
restart of a
-LOAD, including the deleting of previously-loaded rows.
By restricting authorization to run the Execution plans, you can control what
change and migrate functions users can perform. Giving wide access to
Specification and Analysis while controlling access to the Execution Monitor
Entry lets your users run ALTER for training purposes or use it as a system
dictionary.
Further control over the Execution component’s authorization switching
function is provided by the Execution Security Exit.
