AUTH EXIT CACHE REFR (AUTHEXIT_CACHEREFRESH subsystem parameter)

The AUTHEXIT_CACHEREFRESH subsystem parameter specifies whether entries in the package authorization cache, the routine authorization cache, the DDF user authentication cache, and the dynamic statement cache are refreshed, and whether dependent packages are invalidated, when a user profile or resource access is changed in RACF®.

Acceptable values: ALL, NONE
Default: NONE
Update: No
DSNZPxxx: DSN6SPRM.AUTHEXIT_CACHEREFRESH
Data sharing scope: Group
Security parameter: Security-related
ALL
Specifies that:
  • Db2 refreshes the entries in the package authorization cache, the routine authorization cache, and the dynamic statement cache when the user profile or resource access is changed in RACF, and the access control authorization exit (DSNX@XAC) is active.
  • Db2 invalidates dependent packages when the user profile or resource access is changed in RACF, and the access control authorization exit (DSNX@XAC) is active.
  • Db2 refreshes the entries in the DDF user authentication cache when the user profile is changed in RACF. The DDF user authentication cache is refreshed regardless of whether security is managed with Db2 facilities or with the access control authorization exit.
Tip: If you are enabling sysplex group authentication, ALL must be specified for every member of the data sharing group. For more information, see Enabling caching of MFA-based authentication credentials for clients with sysplex workload balancing.
NONE
Specifies that Db2 does not refresh the entries in the package authorization cache, the routine authorization cache, and the dynamic statement cache, and does not invalidate dependent packages, when the user profile or resource access is changed in RACF. This is the default value for the field.

When the AUTHEXIT_CACHEREFRESH subsystem parameter is set to ALL and the access control authorization exit is active, Db2 listens for type 62, type 71, and type 79 ENF signals from RACF for user profile or resource access changes and refreshes the Db2 cache entries accordingly. If you define RACF classes for Db2 objects and administrative authorities without using IBM-supplied RACF resource classes, you need to enable the SIGNAL=YES option for these classes in the RACF Class Descriptor Table.