Authority collection repository damage

Damage can occur to the authority collection repository for a user Start of changeor for objectsEnd of change.

The damage can frequently occur during an abnormal IPL of the partition where authority collection is active for users Start of changeor for objectsEnd of change. For performance reasons, authority collection data is not immediately written out to disk when it is collected. Forcing the data to disk would result in unacceptable performance for the authority collection due to the volume and frequency of data that is written to the repository.

Unfortunately, damage to a user's Start of changeor objectsEnd of change authority collection repository results in the loss of the previously collected authority data. A Db2® table object can be created at any time from the active authority collection data. This creates a “snapshot” of the data. If authority collection is run for an extended period, a table object can be periodically created and updated to prevent data loss if an abnormal IPL occurs.

Authority collection for a user

If an abnormal IPL occurs when authority collection for a user is active, the recovery is to delete the authority collection repository for the user. For each user, use the Delete Authority Collection (DLTAUTCOL) command Start of changespecifying TYPE(*USRPRF)End of change and then start the authority collection again.

To determine which user authority collection repositories need to be deleted, use the following SQL query:

Before a user authority collection repository can be deleted by using the DLTAUTCOL command, authority collection for the user must first be ended by using the End Authority Collection (ENDAUTCOL) command. Use the AUTHORIZATION_NAME values returned by the query on the ENDAUTCOL and DLTAUTCOL commands.
Start of change

Authority collection for objects

During an IPL, the system checks whether the authority collection repository for objects is damaged. If so, the authority collection repository is automatically deleted and authority collection for objects is restarted if it was previously active. If the authority collection repository for objects is damaged while the partition is active, end authority collection for objects by using the ENDAUTCOL command. Use the DLTAUTCOL TYPE(*OBJ) OBJ(*ALL) command to delete the common authority collection repository for all objects, and then start the authority collection again.

End of change