Protection of the resources of the administrative task scheduler

The task lists of the administrative task scheduler are protected against unauthorized use by users other than the started task execution user.

The VSAM resource (by default DSNCAT.TASKLIST, where DSNCAT is the Db2 catalog prefix) that stores the task list of the administrative task scheduler must be protected in RACF® against unauthorized access. Only the started task user has UPDATE authority on the VSAM resources. No other users should have any access.

A similar security concept is implemented for the SYSIBM.ADMIN_TASKS table, which stores a redundant copy of the scheduled tasks. Only the started tasks user has SELECT, INSERT, DELETE, or UPDATE authority on this resource. Users with EXECUTE rights on the ADMIN_TASK_LIST and ADMIN_TASK_STATUS user-defined functions have only SELECT authority on the SYSIBM.ADMIN_TASKS table.