Authority collection repository damage
Damage can occur to the authority collection repository for a user
or for objects
.
The damage can frequently occur during an abnormal IPL of the partition where authority
collection is active for users or for objects. For performance reasons,
authority collection data is not immediately written out to disk when it is collected. Forcing the data to
disk would result in unacceptable performance for the authority collection due to the volume and frequency
of data that is written to the repository.
Unfortunately, damage to a user's or objects authority collection repository
results in the loss of the previously collected authority data.
A Db2® table object can be created at any time
from the active authority collection data. This creates a “snapshot” of the data. If authority collection
is run for an extended period, a table object can be periodically created and updated to prevent data
loss if an abnormal IPL occurs.
Authority collection for a user
If an abnormal IPL occurs when authority collection for a user is active, the
recovery is to delete the authority collection repository for the user. For each user, use the
Delete Authority Collection (DLTAUTCOL)
command specifying TYPE(*USRPRF) and then start the authority collection again.
SELECT AUTHORIZATION_NAME, AUTHORITY_COLLECTION_ACTIVE FROM
QSYS2.USER_INFO WHERE
AUTHORITY_COLLECTION_REPOSITORY_EXISTS='YES';
Authority collection for objects
During an IPL, the system checks whether the authority collection repository for objects is damaged. If so, the authority collection repository is automatically deleted and authority collection for objects is restarted if it was previously active. If the authority collection repository for objects is damaged while the partition is active, end authority collection for objects by using the ENDAUTCOL command. Use the DLTAUTCOL TYPE(*OBJ) OBJ(*ALL) command to delete the common authority collection repository for all objects, and then start the authority collection again.