Information
The SQLADM authority is required to monitor, tune, and alter SQL statements.
Rationale:
The SQLADM authority can CREATE, SET, FLUSH, DROP EVENT MONITORS and perform RUNSTATS and REORG INDEXES and TABLES. SQLADM can be granted to users, groups, or roles or PUBLIC. SQLADM authority is a subset of the DBADM authority and can be granted by the SECADM authority.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Revoke SQLADM authority from any unauthorized users.
db2 => REVOKE SQLADM ON DATABASE FROM USER <username>