Authority collection repository damage
Damage can occur to the authority collection repository for a user or for objects.
The damage can frequently occur during an abnormal IPL of the partition where authority collection is active for users or for objects. For performance reasons, authority collection data is not immediately written out to disk when it is collected. Forcing the data to disk would result in unacceptable performance for the authority collection due to the volume and frequency of data that is written to the repository.
Unfortunately, damage to a user's or objects authority collection repository results in the loss of the previously collected authority data. A Db2® table object can be created at any time from the active authority collection data. This creates a “snapshot” of the data. If authority collection is run for an extended period, a table object can be periodically created and updated to prevent data loss if an abnormal IPL occurs.
Authority collection for a user
If an abnormal IPL occurs when authority collection for a user is active, the recovery is to delete the authority collection repository for the user. For each user, use the Delete Authority Collection (DLTAUTCOL) command specifying TYPE(*USRPRF) and then start the authority collection again.
Before a user authority collection repository can be deleted by using the DLTAUTCOL command, authority collection for the user must first be ended by using the End Authority Collection (ENDAUTCOL) command. Use the AUTHORIZATION_NAME values returned by the query on the ENDAUTCOL and DLTAUTCOL commands.
SELECT AUTHORIZATION_NAME, AUTHORITY_COLLECTION_ACTIVE FROM QSYS2.USER_INFO WHERE AUTHORITY_COLLECTION_REPOSITORY_EXISTS='YES';
Authority collection for objects
During an IPL, the system checks whether the authority collection repository for objects is damaged. If so, the authority collection repository is automatically deleted and authority collection for objects is restarted if it was previously active. If the authority collection repository for objects is damaged while the partition is active, end authority collection for objects by using the ENDAUTCOL command. Use the DLTAUTCOL TYPE(*OBJ) OBJ(*ALL) command to delete the common authority collection repository for all objects, and then start the authority collection again.