IFCID106: System Parameters (security-relevant fields only)

The IFCID106 DD contains the extracted IFCID106 (System Parameters) records.

Begin program-specific programming interface information.

The IFCID106 DD has the following five sections for the security-relevant fields:

System initialization parameters
Miscellaneous installation parameters
Distributed Data Facility (DDF) parameters
Data sharing parameters
Application programming defaults

Fields for system initialization parameters

The IFCID106 DD has the following fields for system initialization parameters:

WTO ROUTE CODES: The MVS console routing codes. These codes are assigned to messages that are not solicited from a specific console. Up to 16 comma-separated codes can be shown.; Install parameter: WTO ROUTE CODES on panel DSNTIPO; DSN6SYSP parameter: ROUTCDE; Field Name: QWP1SMRC
MONITOR BUFFER SIZE: The default number of bytes allocated for the monitor trace buffer.; Install parameter: MONITOR SIZE on panel DSNTIPN; DSN6SYSP parameter: MONSIZE; Field Name: QWP1MONS
AUDIT CLASSES: Shows whether the audit trace is started automatically when Db2 is started. When a value of YES is specified, the audit trace is started for the default class (class 1) whenever Db2 is started. When a value of ALL is specified, an audit trace is automatically started for all classes.; Install parameter: AUDIT TRACE on panel DSNTIPN; DSN6SYSP parameter: AUDITST; Field Name: QWP1AUDT
EXT. SECURITY: Extended security options. When the recommended value of YES is specified, detailed reason codes are returned to a DRDA level 3 client when a DDF connection request fails because of security errors. When using SNA protocols, the requester must have included a product that supports the extended security sense codes, such as Db2 Connect version 5 and subsequent releases. RACF® users can change their passwords using the DRDA change password function. This support is only for DRDA level 3 requesters that have implemented support for changing passwords. A value of YES allows properly-enabled DRDA clients to determine the cause of security failures without requiring Db2 operator support. When a value of NO is specified, generic error codes are returned to the clients and RACF users are prevented from changing their passwords.; Install parameter: EXTENDED SECURITY on panel DSNTIPR; DSN6SYSP parameter: EXTSEC; Field Name: QWP1SCER
UNICODE IFCIDS: Shows whether output from IFC records should contain character data in Unicode or EBCDIC. Only a subset of the character fields (identified in the IFCID record definition by a %U in the comment area to the right of the field declaration in the DSNDQWxx copy files) are encoded in Unicode. The remaining fields maintain the same encoding of previous releases.; Install parameter: UNICODE IFCIDS on panel DSNTIPN; DSN6SYSP parameter: UIFCIDS; Field Name: QWP1_UNICODE

Example for system initialization parameters

                                       SYSTEM INITIALIZATION PARAMETERS                                    
WTO ROUTE CODES  : X'8000'  MONITOR BUFFER SIZE:  0001048576  AUDIT CLASSES: X'00000000'  EXT. SECURITY: NO
DATABASE PROTOCOL: D        UNICODE IFCIDS     :  NO

Fields for miscellaneous installation parameters

The IFCID106 DD has the following fields for miscellaneous installation parameters:

COMCRIT

Indicates whether the Db2 environment for Common Criteria is enabled.

Install parameter: None

DSN6SPRM parameter: COMCRIT

Field name: QWP4COMC

DDL REGISTRATION FLAG

The DDL registration facility flag. It summarizes four settings for data definition control support:

Data definition control: Indicates whether DDL statements are validated by data definition control support.; Install parameter: INSTALL DD CONTROL SUPT on panel DSNTIPZ; DSN6SPRM parameter: RGFINSTL
Application control: Indicates whether the Db2 system is controlled by a set of closed applications whose application identifiers are identified in the application registration table. Closed applications require their Db2 objects to be managed solely through the plans or packages of the closed application that is registered in the application registration table.; Install parameter: CONTROL ALL APPLICATIONS on panel DSNTIPZ; DSN6SPRM parameter: RGFDEDPL
Full names required: Indicates whether registered objects require fully-qualified names.; Install parameter: REQUIRE FULL NAMES on panel DSNTIPZ; DSN6SPRM parameter: RGFFULLQ
Unregistered DDL action: Indicates whether DDL that names an unregistered object is to be rejected, rejected if the current application is not registered, or accepted.; Install parameter: UNREGISTERED DDL DEFAULT on panel DSNTIPZ; DSN6SPRM parameter: RGFDEFLT

DDL REGISTRATION FLAG can have one of the following values:

Table 1. DDL REGISTRATION FLAG values
Setting	Interpretation
Setting	Data definition control	Application control	Full names required	Unregistered DDL action
00	No	No	No	Reject
08				Application
10				Accept
20			Yes	Reject
28				Application
30				Accept
40		Yes	No	Reject
48				Application
50				Accept
60			Yes	Reject
68				Application
70				Accept
80	Yes	No	No	Reject
88				Application
90				Accept
A0			Yes	Reject
A8				Application
B0				Accept
C0		Yes	No	Reject
C8				Application
D0				Accept
E0			Yes	Reject
E8				Application
F0				Accept

Field Name: QWP4REGF

INSTALL SYSADM

One of two authorization IDs with SYSADM authority. SYSADM users can access to Db2 in all cases.

Install parameter: SYSTEM ADMIN 1 on panel DSNTIPP1

DSN6SPRM parameter: SYSADM

Field Name: QWP4SADM

DEFAULT USERID

The authorization ID used if RACF is not available for batch access and USER= is not specified in the job statement.

Install parameter: UNKNOWN AUTHID on panel DSNTIPP1

DSN6SPRM parameter: DEFLTID

Field Name: QWP4DFID

SYSADM ID 2

One of two authorization IDs with SYSADM authority. SYSADM users can access to Db2 in all cases.

Install parameter: SYSTEM ADMIN 2 on panel DSNTIPP1

DSN6SPRM parameter: SYSADM2

Field Name: QWP4ADM2

SITE TYPE

Shows whether this system is at a local site or a recovery site.

LOCALSITE: This is the site of the current system. Multiple image copies are made and are operational here. This is the default.
RECOVERYSITE: This an alternative site for recovery purposes.

Install parameter: SITE TYPE on panel DSNTIPO

DSN6SPRM parameter: SITETYP

Field Name: QWP4MSTY

SYSOPER ID

One of two authorization IDs with SYSOPR authority. SYSOPR users can access Db2 even if the Db2 catalog is unavailable.

Install parameter: SYSTEM OPERATOR 1 on panel DSNTIPP1

DSN6SPRM parameter: SYSOPR1

Field Name: QWP4OPR1

SYSOPER ID 2

One of two authorization IDs with SYSOPR authority. SYSOPR users can access Db2 even if the Db2 catalog is unavailable.

Install parameter: SYSTEM OPERATOR 2 on panel DSNTIPP1

DSN6SPRM parameter: SYSOPR2

Field Name: QWP4OPR2

ENABLE Db2 AUTHORIZATION

Shows whether Db2 performs authorization checking. When all authorization checking by Db2 is disabled, the GRANT statement is also disabled (granting every privilege to PUBLIC); this is not recommended.

Install parameter: USE PROTECTION on panel DSNTIPP

DSN6SPRM parameter: AUTH

Field Name: QWP4AUTH

CACHE DYNAMIC SQL

Indicates whether prepared dynamic use by eligible application processes.

Install parameter: CACHE DYNAMIC on panel DSNTIP8

DSN6SPRM parameter: CACHEDYN

Field Name: QWP4CDYN

AUTH. CACHE SIZE

The size of the authorization cache to use if no CACHESIZE is specified on the BIND PLAN subcommand. A value of 0 means authorization caching is not used.

Install parameter: PLAN AUTH CACHE on panel DSNTIPP

DSN6SPRM parameter: AUTHCACH

Field Name: QWP4AUCA

PACK AUTH CACHE

The amount of storage that is allocated for caching authorization information for all packages on this Db2 member.

Install parameter: PACKAGE AUTH CACHE on panel DSNTIPP

DSN6SPRM parameter: CACHEPAC

Field Name: QWP4PAC

DBADM CREATE VIEW

Shows whether a Db2 administrator can create a view or alias for another user. Possible values are YES or NO. The default value is NO.

Install parameter: DBADM CREATE AUTH on panel DSNTIPP1

DSN6SPRM parameter: DBACRVW

Field Name: QWP4CRVW

EDM STATEMNT CACHE

The size of the statement cache that can be used by the Environmental Descriptor Manager (EDM).

Install parameter: EDM STATEMENT CACHE on panel DSNTIPC

DSN6SPRM parameter: EDMSTMTC

Field Name: QWP4ESTC

ONL SYSPARM TYPE

The type of Db2 system parameter that was changed by the last SET SYSPARM statement.

Install parameter: None

DSN6SPRM parameter: None

Field Name: QWP4OZTP

ONL SYSPARM USER ID

The user ID that made the last online change to Db2 system settings.

Install parameter: None

DSN6SPRM parameter: None

Field Name: QWP4OZUS

ONL SYSPARM CORID

The correlation ID of the online application that made the last change to Db2 system settings.

Install parameter: None

DSN6SPRM parameter: None

Field Name: QWP4OZCI

ONL SYSPARM TIME

Time of the last online change made to Db2 system settings.

Install parameter: None

DSN6SPRM parameter: None

Field Name: QWP4OZTM

SECURITY ADMIN 1 TYPE

Specifies whether the entry in the SECURITY ADMIN 1 field is an authorization ID or a role.

Install parameter: SEC ADMIN 1 TYPE field on panel DSNTIPP1

DSN6SPRM parameter: SECADM1_TYPE

Field Name: QWP4SECA1_Type

SECURITY ADMIN 2 TYPE

Specifies whether the entry in the SECURITY ADMIN 2 field is an authorization ID or a role.

Install parameter: SEC ADMIN 2 TYPE field on panel DSNTIPP1

DSN6SPRM parameter: SECADM2_TYPE

Field Name: QWP4SECA2_Type

SECURITY TASKS

Specifies whether Db2 security administrator duties are to be separated from system administrator duties for this subsystem. You must set the SEPARATE_SECURITY system parameter to YES in the evaluated configuration.

Install parameter: SEPARATE SECURITY field on panel DSNTIPP1

DSN6SPRM parameter: SEPARATE_SECURITY

Field Name: QWP4SEPSD

REVOKE DEP. PRIVILEGES

Specifies whether revoking a privilege from a user is to cause dependent privileges to be revoked. If dependent privileges are to be revoked, revoking a privilege from a user also revokes the privilege from anyone that the user has granted that privilege to.

Install parameter: REVOKE DEP PRIV field on panel DSNTIPP1

DSN6SPRM parameter: REVOKE_DEP_PRIVILEGES

Field Name: QWP4RVDPR

SECURITY ADMIN 1

The first of two authorization IDs or roles that are assigned to have Db2 security administrator authority.

Install parameter: SECURITY ADMIN 1 on panel DSNTIPP1

DSN6SPRM parameter: SECADM1

Field Name: QWP4SECA1

SECURITY ADMIN 2

The second of two authorization IDs or roles that are assigned to have Db2 security administrator authority.

Install parameter: SECURITY ADMIN 2 on panel DSNTIPP1

DSN6SPRM parameter: SECADM2

Field Name: QWP4SECA2

Example for miscellaneous installation parameters


                                       MISCELLANEOUS INSTALLATION PARAMETERS                                                        
COMMON CRITERIA ENVIRON : YES           DDL REGISTRATION FLAG: X'30'     INSTALL SYSADM  : SYSADM1      DEFAULT USERID    : IBMUSER 
SYSADM ID 2             : SYSADM2       SITE TYPE            : LOCAL     SYSOPER ID      : SYSOPR1      SYSOPER ID 2      : SYSOPR2 
ENABLE DB2 AUTHORIZATION: YES           CACHE DYNAMIC SQL    : NO        AUTH. CACHE SIZE:  01024                                   
PACK AUTH CACHE         :  0000000000   DBADM CREATE VIEW    : YES       EDM STMT CACHE  :  0000005000  ONL SYSPARM TYPE  : N/A     
ONL SYSPARM CORID       :               ONL SYSPARM USER ID  :           ONL SYSPARM TIME: 08:26:40                                 
SECURITY ADMIN 1 TYPE   : AUTH ID       SECURITY ADMIN 2 TYPE: AUTH ID   SECURITY TASKS  : SYSADM/SYSCTRL CANNOT GRANT/REVOKE       
REVOKE DEP. PRIVILEGES  : SPECIFIED IN REVOKE STATEMENT                                                                             
SECURITY ADMIN 1        : SECADM                                                                                                    
SECURITY ADMIN 2        : SECADM

                                       MISCELLANEOUS INSTALLATION PARAMETERS     
COMMON CRITERIA ENVIRON : NO            DDL REGISTRATION FLAG: X'30'     INSTALL SYSADM  : SYSADM       DEFAULT USERID    : IBMUSER 
SYSADM ID 2             : SYSADM        SITE TYPE            : LOCAL     SYSOPER ID      : SYSOPR       SYSOPER ID 2      : SYSOPR  
ENABLE DB2 AUTHORIZATION: YES           CACHE DYNAMIC SQL    : NO        AUTH. CACHE SIZE:  01024       HOP SITE AUTHORIZ.: YES     
PACK AUTH CACHE         :  0000032768   DBADM CREATE VIEW    : NO        EDM STMT CACHE  :  0005120000  ONL SYSPARM TYPE  : N/A     
ONL SYSPARM CORID       :               ONL SYSPARM USER ID  :           ONL SYSPARM TIME: 08:26:40

Fields for DDF parameters

The IFCID106 DD has the following fields for DDF parameters:

FACILITY NAME: The name of the DDF facility.; Install parameter: None; DSN6FAC parameter: None; Field Name: QWP9NAME
RESYNCH.INTERVAL: The number of minutes between resynchronization periods.; Install parameter: RESYNC INTERVAL on panel DSNTIPR; DSN6FAC parameter: RESYNC; Field Name: QWP9RYC
TCP/IP VERIFIED: Indicates whether Db2 accepts TCP/IP connection requests containing only a user ID.; Install parameter TCP/IP ALREADY VERIFIED on panel DSNTIP5; DSN6FAC parameter: TCPALVER; Field Name: QWP9TCPA
FACILITY START: Indicates whether DDF is loaded, and if so, how it was started.; Install parameter DDF STARTUP OPTION on panel DSNTIPR; DSN6FAC parameter: DDF; Field Name: QWP9STRT
DBAT STATUS: Shows whether Db2 inactivates threads that have successfully committed or rolled back, and hold no cursors.; Install parameter DDF THREADS on panel DSNTIPR; DSN6FAC parameter: CMTSTAT; Field Name: QWP9CMST
TCP/IP KEEPALIVE: Indicates whether the TCP/IP configuration KeepAlive value has been overwritten.; Install parameter TCP/IP KEEPALIVE on panel DSNTIP5; DSN6FAC parameter: TCPKPALV; Field Name: QWP9TCKA

Example for DDF parameters

                                       DISTRIBUTED DATA FACILITY PARAMETERS                         
FACILITY NAME: DDF       RESYNCH.INTERVAL: 00002     TCP/IP VERIFIED: NO        FACILITY START: AUTO
DBAT STATUS  : INACTIVE  TCP/IP KEEPALIVE: ENABLE

Fields for data sharing parameters

The IFCID106 DD has the following fields for data sharing parameters:

GROUP NAME: The name of the Db2 data-sharing group. A value of N/A indicates that this Db2 is not part of a data-sharing group.; Install parameter: GROUP NAME on panel DSNTIPK; DSN6GRP parameter: GRPNAME; Field Name: QWPAGRPN
MEMBER NAME: The member name of this Db2. A value of N/A indicates that this Db2 is not part of a data-sharing group.; Install parameter: MEMBER NAME on panel DSNTIPK; DSN6GRP parameter: MEMBNAME; Field Name: QWPAMBRN
DATA SHARING ENABLED: Indicates whether data sharing is enabled.; Install parameter: DATA SHARING on panel DSNTIP0A; DSN6GRP parameter: DSHARE; Field Name: QWPADSHR
PAR.COORD: Shows whether this Db2 member can coordinate parallel processing on other members of the group. A value of N/A indicates that this Db2 is not part of a data-sharing group.; Install parameter: COORDINATOR on panel DSNTIPK; DSN6GRP parameter: COORDNTR; Field Name: QWPACOOR
PAR.ASSIST: Shows whether this Db2 member can assist a parallelism coordinator with parallel processing. A value of N/A indicates that this Db2 is not part of a data-sharing group.; Install parameter: ASSISTANT on panel DSNTIPK; DSN6GRP parameter: ASSIST; Field Name: QWPAASST

Example for data sharing parameters

                                       DATA SHARING PARAMETERS                       
GROUP NAME: DSNCAT    MEMBER NAME: DB2A      DATA SHARING ENABLED: NO   PAR.COORD: NO
PAR.ASSIST: NO

Fields for application programming defaults

The IFCID106 DD has the following fields for application programming defaults:

VERSION: The version, release, and modification level.; Install parameter: None; DSNHDECP parameter: None; Field Name: QWPBREL
DEFAULT SUBSYSTEM: The MVS subsystem name for Db2.; Install parameter: SUBSYSTEM NAME on panel DSNTIPM; DSNHDECP parameter: SSID; Field Name: QWPBSSID
EBCDIC SBCS CCSID: The EBCDIC single-byte coded character set ID.; Install parameter: EBCDIC CCSID on panel DSNTIPF; DSNHDECP parameter: SCCSID; Field Name: QWPBSID
DECIMAL POINT OPTION: Indicates whether the decimal contains a comma (,) or a period (.).; Install parameter: DECIMAL POINT IS on panel DSNTIPF; DSNHDECP parameter: DECIMAL; Field Name: QWPBDE
DEFAULT ENCODING SCHEME: The default encoding scheme, which can be ASCII, EBCDIC, or UNICODE.; Install parameter: DEF ENCODING SCHEME on panel DSNTIPF; DSNHDECP parameter: ENSCHEME; Field Name: QWPBENS

Example for application programming defaults

End program-specific programming interface information.