DSNZPARM Authorization, RLF and DDF Parameters
This panel shows information about the parameters that affect Db2 access and security. It shows the name of the DSNZPARM module that is specified for Db2 startup and the date on which the module is assembled. It also shows a list of the default values of the DB2® application.
If a field is not available for the current Db2 release,
the string N/A
is displayed. For other conditions, for example, if specific Db2 traces are not started or control block data is not available,
the string N/P
is displayed.
+ DSNTIPP-Protection 1
+------------------------------------
+ Archive Log RACF (PROTECT) NO
+ Use Protection (AUTH) YES
+ Plan Auth Cache (AUTHCACH) 3072
+ Package Auth Cache (CACHEPAC) 5242880
+ Routine Auth Cache (CACHERAC) 5242880
+ Auth Exit Limit (AEXITLIM) 10
+ Auth Exit Check (AUTHEXIT_CHECK) PRIMARY
+ (AUTHEXIT_CACHEREFRESH) NONE
+ (MFA_AUTHCACHE_UNUSED_TIME) 0
+
+ DSNTIPP1-Protection 2
+------------------------------------
+ System Admin 1 (SYSADM) HELM
+ System Admin 2 (SYSADM2) SYSADM
+ System Operator 1 (SYSOPR1) HELM
+ System Operator 2 (SYSOPR2) EMIL
+ Security Admin 1 (SECADM1) SECADM
+ Sec Admin1 Type (SECADM1_TYPE) AUTHID
+ Security Admin 2 (SECADM2) SECADM
+ Sec Admin2 Type (SECADM2_TYPE) AUTHID
+ (SEPARATE_SECURITY) N
+ Unknown Authid (DEFLTID) IBMUSER
+ Resource Authid (RLFAUTH) SYSIBM
+ Bind New Package (BINDNV) BINDADD
+ DBADM Create Auth (DBACRVW) NO
+ (REVOKE_DEPENDENT_PRIVILEGES) S
+
+ DSNTIPR-DDF 1
+------------------------------------
+ DDF Startup Option (DDF) AUTO
+ Resync Interval (RESYNC) 2
+ DDF Threads (CMTSTAT) INACTIVE
+ Max Type1 Inactive Thrds (MAXTYPE1) 0
+ Idle Thread Timeout (IDTHTOIN) 120
+ Extended Security (EXTSEC) YES
+
+ DSNTIP5-DDF 2
+------------------------------------
+ TCP/IP Already Verified (TCPALVER) NO
+ Extended Option for TCPALVER NO
+ Extra Blocks Req (EXTRAREQ) 100
+ Extra Blocks Srv (EXTRASRV) 100
+ Hop Site Authorization (HOPAUTH) V9 N/A
+ TCP/IP Keepalive (TCPKPALV) 120
+ Pool Thread Timeout (POOLINAC) 120
+ Conn Queue Max Depth (MAXCONQN) 0
+ Conn Queue Max Wait (MAXCONQW) 0
===============================================================================
+ DSNTIPO4-Resource Limit Facility
+------------------------------------
+ RLF Auto Start (RLF) NO
+ RLF Scope (RLFENABLE) DYNAMIC
+ RLST Name Suffix (RLFTBL) 01
+ RLST Access Err DSQL (RLFERR) NOLIMIT
+ RLST Access Err SSQL (RLFERRSTC) NOLIMIT
+ RLST Access Err RemDSQL (RLFERRD) NOLIMIT
+ RLST Access Err RemSSQL(RLFERRDSTC) NOLIMIT
Fields
The DSNZ command displays the following lines to reflect the usage of the
Db2
SET SYSPARM command. To each of these lines, the corresponding date on which this
particular module is assembled is displayed.
- DSNZPARM Module
- The name of the DSNZPARM module that is specified for Db2 startup.
- Initial Module
- The name of the initial DSNZPARM load module.
- Previous Module
- The name of the previous DSNZPARM load module.
- Assembly Date
- The date on which this module was assembled.
DSNTIPO-Operator Functions
- WTO Route Codes (ROUTCDE) (QWP1SMRC)
- This parameter determines the z/OS® console routing codes that are assigned to messages that are not solicited from a specific console.
- Recall Data Base (RECALL) (QWP4HRCL)
- This parameter determines whether DFSMShsm automatic recall is performed for Db2 databases.
- Recall Delay (RECALLD) (QWP4HRCD)
- This parameter determines the maximum length of time in seconds that a program can be delayed for a DFSMShsm recall.
- Auto Bind (ABIND) (QWP4ABN )
- This parameter determines whether plans or packages can be rebound automatically.
- Explain Processing (ABEXP) (QWP4ABX )
- This parameter determines whether EXPLAIN is allowed during AUTOBIND.
- Dprop Support (EDPROP) (QWP4ENF)
- DPROPNR support only.
- Change Data Capture (CHGDC) (QWP4CDC )
- This parameter determines the enablement of change data capture.
- Site Type (SITETYP) (QWP4MSTY)
- This parameter determines whether this system runs at the local site.
- Tracker Site (TRKRSITE) (QWP4TRKR)
- This parameter determines whether this subsystem is a remote tracker site for another Db2 system.
- Read Copy2 Archive (ARC2FRST) (QWP2ARC2)
- This parameter determines whether the COPY2 archives are read first when the Db2 subsystem is started.
- (PROFILE_AUTOSTART) (QWP1PFSY)
- Specifies whether start profile command processing is automatically initiated as part of Db2 startup.
- 0=NO
- 1=YES
DSNTIP-Protection 1
- Archive Log RACF® (PROTECT) (QWP3RTCT)
- This parameter determines the RACF protection.
- Use Protection (AUTH) (QWP4AUTH)
- This parameter determines whether the Db2 authorization is enabled or disabled.
- Plan Auth Cache (AUTHCACH) (QWP4AUCA)
- This parameter determines the authorization cache size.
- Package Auth Cache (CACHEPAC) (QWP4PAC )
- This parameter determines the size of package authorization cache.
- Routine Auth Cache (CACHERAC) (QWP4RAC )
- This parameter determines the amount of storage that is allocated to the caching of authorization information for all routines on this subsystem.
- Auth Exit Limit (AEXITLIM) (QWP4ACAN)
- This parameter determines the abend count for the access control authorization exit.
- Auth Exit Check (AUTHEXIT_CHECK) (QWP4RACK)
- This parameter determines the authorization exit check.
- (AUTHEXIT_CACHEREFRESH) (QWP4AECR)
- Determines the authorization exit cache refresh.
- (MFA_AUTHCACHE_UNUSED_TIME) (QWP4FMAT)
- Controls how frequently a client is required to provide a new set of MFA credentials.
DSNTIP1-Protection 2
- System Admin 1 (SYSADM) (QWP4SADM)
- The system administrator user ID 1.
- System Admin 2 (SYSADM2) (QWP4ADM2)
- The system administrator user ID 1.
- System Operator 1 (SYSOPR1) (QWP4OPR1)
- The system operator user ID 1.
- System Operator 2 (SYSOPR2) (QWP4OPR2)
- The system operator user ID 1.
- Security Admin 1 (SECADM1) (QWP4SECA1_E)
- The security administrator 1 authorization ID.
- Sec Admin1 Type (SECADM1_TYPE) (QWP4SECA1_TYPE)
- The security administrator type 1 authorization ID.
- ' '
- Authorization ID
- L
- Role
- Security Admin 2 (SECADM2) (QWP4SECA2_E)
- The security administrator type 2 authorization ID.
- Sec Admin2 Type (SECADM2_TYPE) (QWP4SECA2_TYPE)
- The security administrator type 2 authorization ID.
- ' '
- Authorization ID
- L
- Role
- (SEPARATE_SECURITY) (QWP4SEPS)
- Specifies whether to separate Db2 security administrator duties from the Db2 system administrator duties.
- Unknown Authid (DEFLTID) (QWP4DFID)
- The system administrator default user ID.
- Resource Authid (RLFAUTH) (QWP1RLFA)
- The resource limit specification table authorization ID.
- Bind New Package (BINDNV) (QWP4BNVA)
- When adding a new package or a new version of an existing package to a collection, one of the
following authorities is required:
- BINDADD AUTHORITY
- BIND AUTHORITY
- DBADM Create Auth (DBACRVW) (QWP4CRVW)
- Specifies whether an authorization ID with DBADM authority can create a view or an alias for another authorization ID. Valid values are YES or NO. The default value is NO.
- (REVOKE_DEPENDENT_PRIVILEGES) (QWP4RVDP)
- Specifies whether to include dependent privileges on REVOKE:
- Y
- Dependent privileges are included.
- N
- Dependent privileges are not included.
- S
- The REVOKE statement specification is used.
DSNTIPR-DDF 1
- DDF Startup Option (DDF) QWP9STRT)
- The facility start parameter.
- Resync Interval (RESYNC) (QWP9RYC )
- The minutes between resynchronization periods.
- DDF Threads (CMTSTAT) (QWP9CMST)
- The status of the DDF thread.
- Max Type1 Inactive Thrds (MAXTYPE1) (QWP9MAX1)
- Specifies the maximum type 1 inactive threads that are allowed by Db2. 0 indicates that type 1 inactive connections are not allowed.
- Idle Thread Timeout (IDTHTOIN) (QWP9TTO )
- The approximate time in seconds that an active server thread can remain dormant before it is cancelled.
- Extended Security (EXTSEC) (QWP1SCER)
- This parameter determines the contents of the error message that is returned to a network client
when a DDF connection request fails due to a security error. It also determines whether you can
update an RACF password by using the DRDA change password function.
- Y
- Detailed error information is returned. You can update the password by using the DRDA function.
- N
- A generic error message is returned. You cannot update the RACF password by using the DRDA function.
DSNTIP5-DDF2
- TCP/IP Already Verified (TCPALVER) (QWP9TCPA)
- Specifies whether already verified connections are accepted from TCP/IP clients.
- Extended Option for TCPALVER (QWP9TCPVE)
- If YES is specified, user ID and password are required. These values must be AES-encrypted
including RACF passtickets, or a KERBEROS ticket is required,
or the connection is protected by one of the following options:
- AT-TLS policy (ensured via a Db2 SECPORT)
- IPSEC tunnel
- Extra Blocks Req (EXTRAREQ) (QWP1EXBR)
- The maximum number of extra query blocks that Db2 can request from a remote DRDA server.
- Extra Blocks Srv (EXTRASRV) (QWP1EXBS)
- The maximum number of extra query blocks that Db2 can return to a remote DRDA requester.
- Hop Site Authorization (HOPAUTH) V9 (QWP4HOP )
- For a non-Db2 requester that executes a package at a Db2
server that sends an SQL statement to another Db2 server, you
can specify one of the following options:
- ON
- The authorization ID of the package owner is used for static SQL, and the ID of the process runner is used for dynamic SQL.
- OFF
- The authorization ID of the process runner is used for all statements.
- TCP/IP Keepalive (TCPKPALV) (QWP9TCKA)
- Determines whether to override the TCP/IP stack Keepalive value. The default value is 120.
- Pool Thread Timeout (POOLINAC) (QWP9INAC)
- Specifies the time in seconds that a DBAT can remain idle in the pool before it is terminated. If this parameter is set to 0, a DBAT is terminated instead of going into the pool if there is a sufficient number of threads in the pool to process the number of type 2 inactive threads that is currently existing.
- Conn Queue Max Depth (MAXCONQN) (QWP9MCONQN)
- The maximum depth for the connection request queue of connections that are waiting for a DBAT to
process a request. The minimum value is 1.
- OFF
- The queue is limited only by CONDBAT.
- ON
- The depth of the queue corresponds to the maximum value that is specified for MAXDBAT.
- Conn Queue Max Wait (MAXCONQW) (QWP9MCONQW)
- The maximum time in seconds for a connection to wait for a DBAT to process its request.
- OFF
- The connection waits indefinitely.
- ON
- The time value that is specified for IDTHTOIN is used. However, if IDTHTOIN is set to 0, w warning MNOTE is issued. It states that MAXONT is set to OFF because IDTHTOIN is set to 0. The minimum numeric value is 5. The maximum value is 3600 seconds.
DSNTIP04 - Resource Limit Facility
- RLF Auto Start (RLF) (QWP1RLF)
- This parameter determines whether the resource limit facility (governor) starts automatically each time Db2 is started.
- RLF Scope (RFLENABLE)
-
The level of RLF governing:
- DYNAMIC
- Dynamic SQL only
- STATIC
- Static SQL only
- ALL
- Both, dynamic and static SQL
- RLST Name Suffix (RLFTBL) (QWP1RLFT)
- This parameter determines the suffix that is used for the default resource limit specification table (RLST). The default RLST is used when the resource limit facility (governor) is started automatically or when the governor is started without a specified suffix.
- RLST Access Error (RLFERR) (QWP1RLFR)
- This parameter determines what Db2 is doing if the governor encounters a condition that prevents it from accessing the resource limit specification table. This setting applies also if Db2 cannot find an applicable row in the resource limit specification table. An applicable row applies to the authorization ID, plan or package name, and the name of the logical unit of work of the query user.
- RLST Access Err SSQL (RLFERRSTC)
-
The action taken by Db2 when the governor cannot use the resource limit:
- NOLIMIT
- The static SQL statements run without limit.
- NORUN
- The static SQL statements terminated with an SQL error code. A number from 1 to 5000000 represents the number of CPU service units allowed for a query.
- RLST Access Err RemDSQL (RLFERRD) (QWP9RLER)
-
Shows what Db2 does when the governor cannot access the resource limit specification table or when no row in the table matches the currently running statement. :
- NOLIMIT
- This is the default. It allows all dynamic SQL statements to run without limit.
- NORUN
- Terminates all dynamic SQL statements immediately with an SQL error code. A number from 1 to 5000000 is the default limit. If the limit is exceeded, the SQL statement is terminated.
- RLST Access Err RemSSQL (RLFERRDSTC)
-
Shows what Db2 does when the governor cannot access the resource limit specification table or when no row in the table matches the currently running statement:
- NOLIMIT
- This is the default. It allows all static SQL statements to run without limit.
- NORUN
- Terminates all static SQL statements immediately with an SQL error code. A number from 1 to 5000000 is the default limit; if the limit is exceeded, the SQL statement is terminated.