Changing the ownership of objects from an authorization ID to a role

If a Db2 role is the owner of an object, all users that are associated with that role have the same owner privileges. You can change the owner of an object from an authorization ID to a role by using the CATMAINT utility.

Before you begin

You must be running under a trusted context with a role.

Procedure

To change the ownership of objects from an authorization ID to a role:

Run CATMAINT with the OWNER FROM owner_name TO ROLE clause.

The current role will become the owner. All privileges that are held on the object will be transferred from the original owner to the role with the exception of plans and packages. The original user can be the grantor or grantee. After the utility completes, the original owner does not have any privileges to the object .

You can change multiple object owners by specifying multiple owner_name values, but you cannot specify the same name more than once. If the owner_name value does not own any objects, that value is ignored. SYSIBM is not allowed as an owner_name value.

Ownership of roles is changed like other objects. However, if the associated trusted context role is owned by owner_name, the ownership of the role will not be changed, because a role cannot be owned by itself.