User roles in the administrative task scheduler
Three user roles are involved in the use of the administrative task scheduler: the started task user, the interface users, and the execution users.
The started task of an administrative task scheduler is associated to the STARTUID user in RACF®. The administrative task scheduler runs in the security context of this user. This user, the started task user, should have access to the resources of the administrative task scheduler. This user needs UPDATE access on the Db2 table SYSIBM.ADMIN_TASKS and write access for the VSAM data set that contains the redundant task list.
The users or groups of users who have access to the SQL interface of the administrative task scheduler are allowed to add, remove, or list scheduled tasks. To specify who is authorized to add, remove, or list a scheduled task, use the GRANT command in Db2. All interface users are granted EXECUTE access on the administrative task scheduler stored procedures and user-defined table functions. They also are granted READ access on the SYSIBM.ADMIN_TASKS table.
Each scheduled task in the administrative task scheduler is associated with an execution user who executes the task. When an execution user is not explicitly defined, the administrative task scheduler uses a default execution user, DFLTUID, that is defined in the started task. DFLTUID must be an ID that can be used as a logon ID and has a password. DFLTUID cannot be a group ID. The execution threads of the administrative task scheduler switch to the security context of the execution user before executing a task.