Granting table privileges to the JCA authentication alias user ID

Draft comment:
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15
If the schema name you are using is not the same as the JCA authentication alias user ID, you must grant a subset of DB2® for z/OS® privileges to the JCA authentication alias user ID.

About this task

Use a schema name that is different from the JCA authentication alias to prevent the alias user ID from having the authority to drop tables. (The authority to drop tables is implicitly granted to the creator, that is, the schema.) Note that it does not make sense to grant a privilege like DBADM to the JCA authentication alias user ID because DBADM also has the ability to drop tables.

If you want IBM® Business Automation Workflow to function while not allowing the alias user ID to have DROP capability, create some GRANT statements by copying the database scripts and editing them to construct GRANT commands from the CREATE commands. You can create GRANT commands like the one shown in the following example:
GRANT ALL PRIVILEGES ON TABLE
cell.tablename TO userid/sqlid

where userid/sqlid is the JCA authentication alias user ID.

Note: Typically, the creator of a database object has implicit use of that object without requiring additional GRANT permissions. However, for DB2 for z/OS Version 10, additional GRANT permissions might be required for views because access to views is not implicitly granted to the creator.