Determining whether the access control authorization routine is active

You can determine whether the exit routine or Db2 is performing authorization checks.

Procedure

Begin program-specific programming interface information.To determine whether the exit routine or Db2 is performing authorization checks:

  1. Start audit trace class 1.
  2. Choose a Db2 table on which to issue a SELECT statement and an authorization ID to perform the SELECT. The authorization ID must not have the Db2 SELECT privilege or the external security system SELECT privilege on the table.
  3. Use the authorization ID to issue a SELECT statement on the table. The SELECT statement should fail.
  4. Format the trace data and examine the return code (QW0140RC) in the IFCID 0140 trace record.
    • QW0140RC = –1 indicates that Db2 performed the authorization check and denied access.
    • QW0140RC = 8 indicates that the external security system performed the authorization check and denied access.End program-specific programming interface information.