The authorization ID of an SQL statement that references a user-defined global variable and retrieves the value must have READ privilege on the global variable.
The authorization ID of an SQL statement that references a user-defined global variable and assigns a value to that variable must have the WRITE privilege on the global variable.
The link for this doc is:
http//www-01.ibm.com/support/knowledgecenter/SSEPEK_11.0/com.ibm.db2z11.doc/src/db2z_refhome.dita
To own/permit this in CA Top Secret, the following must be issued:
TSS ADD(#owner) DB2VAR(variable.name.prefix)
TSS PER(acid) DB2VAR(variable.name.prefix) ACCESS(NONE|READ|WRITE|ALL)
WRITE allows users to populate the variable
READ allows users to read the value of the variable.
where '#owner' is the acid to own the resource (we recommend department acids own resources)
'acid' is the user's acid, an attached profile, or the ALL record if all users should have access