There have been some changes recently to OMEGAMON DB2 in terms of how it handles authorization to execute a CANCEL THREAD command. Here's the story.
PK90400 enhanced OMEGAMON DB2 so that when the product is configured for external security, the userid of the logged on user is passed to DB2 to determine the DB2 authority to issue a CANCEL THREAD command. But, when instead OMEGAMON DB2 is configured for internal security the OMEGAMON task id is passed to DB2 for the authority to cancel a thread. Prior to PK90400 the CANCEL THREAD command was always issued under the authority of the OMEGAMON task.
There is now an APAR to provide a user configurable option to allow OMEGAMON to always issue the CANCEL THREAD under the authority of the OMEGAMON task, even if configured for external security.
Crystal clear, huh? It is an important thing to be aware of, becuse the authority to cancel DB2 threads is probably something you want to have properly secured.
Here is a link for more info:
http://www-01.ibm.com/support/docview.wss?uid=swg1PM07797&myns=swgtiv&mynp=OCSSUSPS&mynp=OCSSUSPA&mync=R
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.