v9.7 FP6.

A database is created with RESTRICTIVE option. When health monitor and/or automatic maintenance is enabled and I hope only when it's enabled (I know it has to be disabled, was done this way before my time), db2 will create several tables in schema SYSTOOLS to store the info. CREATEIN on schema SYSTOOLS is granted to public during this process. Health monitor calls sysproc.sysinstallobjects to create the tables. I used [ db2 "call sysproc.sysinstallobjects ('policy', 'C', '', '')" ] to simulate what health monitor does and verified that CREATEIN is given to public.

Would you consider this a bug? The manual states "An implicitly created schema has CREATEIN privilege automatically granted to PUBLIC." Do you think db2 should revoke this privilege after creating the tables (for restrictive db's)?