Granting table privileges to the JCA authentication alias user ID
If the schema name you are
using is not the same as the JCA authentication alias user ID, you
must grant a subset of DB2® for z/OS® privileges to the JCA authentication
alias user ID.
About this task
Use a schema name that is different from the JCA authentication alias to prevent the alias user ID from having the authority to drop tables. (The authority to drop tables is implicitly granted to the creator, that is, the schema.) Note that it does not make sense to grant a privilege like DBADM to the JCA authentication alias user ID because DBADM also has the ability to drop tables.
If you want IBM® Business Automation Workflow to
function while not allowing the alias user ID to have DROP capability,
create some GRANT statements by copying the database scripts and editing
them to construct GRANT commands from the CREATE commands. You can
create GRANT commands like the one shown in the following example:
GRANT ALL PRIVILEGES ON TABLE
cell.tablename TO userid/sqlidwhere userid/sqlid is the JCA authentication alias user ID.
Note: Typically, the creator
of a database object has implicit use of that object without requiring
additional GRANT permissions. However, for DB2 for z/OS Version
10, additional GRANT permissions might be required for views because
access to views is not implicitly granted to the creator.
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15