You can now control access to a user-defined global variable through the GRANT (variable privileges) and REVOKE (variable privileges) statements. The authorization that is required to use a global variable depends on where it is defined and how it is used.
The authorization ID of an SQL statement that references a user-defined global variable and retrieves the value must have READ privilege on the global variable.
The authorization ID of an SQL statement that references a user-defined global variable and assigns a value to that variable must have the WRITE privilege on the global variable.
The link for this doc is:
To own/permit this in CA Top Secret, the following must be issued:
TSS ADD(#owner) DB2VAR(variable.name.prefix)
TSS PER(acid) DB2VAR(variable.name.prefix) ACCESS(NONE|READ|WRITE|ALL)
WRITE allows users to populate the variable
READ allows users to read the value of the variable.
where '#owner' is the acid to own the resource (we recommend department acids own resources)
'acid' is the user's acid, an attached profile, or the ALL record if all users should have access