SYSTABAUTH catalog table

The SYSTABAUTH table records the privileges that users hold on tables and views. The schema is SYSIBM.

Column name Data type Description Use
GRANTOR
VARCHAR(128)
NOT NULL
Authorization ID or role of the user who granted the privileges. Could also be PUBLIC. G
GRANTEE
VARCHAR(128)
NOT NULL
Authorization ID or role of the user who holds the privileges or the name of an application plan or package that uses the privileges. PUBLIC for a grant to PUBLIC. G
GRANTEETYPE
CHAR(1)
NOT NULL
Type of grantee:
blank
An authorization ID
L
Role
P
An application plan or a package. The grantee is a package if COLLID is not blank.
G
DBNAME
VARCHAR(24)
NOT NULL
If the privileges were received from a user with DBADM, DBCTRL, or DBMAINT authority, DBNAME is the name of the database on which the GRANTOR has that authority. Otherwise, DBNAME is blank. G
SCREATOR
VARCHAR(128)
NOT NULL
If the row of SYSIBM.SYSTABAUTH was created as a result of a CREATE VIEW statement, SCREATOR is the schema of a table or view referred to in the CREATE VIEW statement. Otherwise, SCREATOR is the same as TCREATOR. G
STNAME
VARCHAR(128)
NOT NULL
If the row of SYSIBM.SYSTABAUTH was created as a result of a CREATE TABLE statement or a materialized query table, STNAME is the name of a table or view referred to in the fullselect of the CREATE TABLE statement. G
TCREATOR
VARCHAR(128)
NOT NULL

The schema of the table or view.

G
TTNAME
VARCHAR(128)
NOT NULL
Name of the table or view. G
AUTHHOWGOT
CHAR(1)
NOT NULL
WITH DEFAULT
Authorization level of the user from whom the privileges were received. This authorization level is not necessarily the highest authorization level of the grantor.
blank
Not applicable
B
System DBADM
C
DBCTRL
D
DBADM
E
SECADM
G
ACCESSCTRL
K
SQLADM
L
SYSCTRL
M
DBMAINT
S
SYSADM
T
DATAACCESS
G
CHAR(12)
NOT NULL
Internal use only. I
DATEGRANTED
CHAR(6)
NOT NULL
Not used. N
TIMEGRANTED
CHAR(8)
NOT NULL
Not used. N
UPDATECOLS
CHAR(1)
NOT NULL
The value of this column is blank if the value of UPDATEAUTH applies uniformly to all columns of the table or view. The value is an asterisk (*) if the value of UPDATEAUTH applies to some columns but not to others. In this case, rows will exist in SYSIBM.SYSCOLAUTH with matching timestamps and PRIVILEGE = blank. These rows list the columns on which update privileges have been granted. G
ALTERAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can alter the table:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
DELETEAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can delete rows from the table or view:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
INDEXAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can create indexes on the table:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
INSERTAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can insert rows into the table or view:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
SELECTAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can select rows from the table or view:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
UPDATEAUTH
CHAR(1)
NOT NULL
Whether the GRANTEE can update rows of the table or view:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
IBMREQD
CHAR(1)
NOT NULL
A value of Y indicates that the row came from the basic machine-readable material (MRM) tape. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies.

G
GRANTEELOCATION
VARCHAR(128)
NOT NULL WITH
DEFAULT
Not used. N
LOCATION
VARCHAR(128)
NOT NULL WITH
DEFAULT
Not used. N
COLLID
VARCHAR(128)
NOT NULL WITH
DEFAULT
If the GRANTEE is a package, its collection name. Otherwise, the value is blank. G
CONTOKEN
CHAR(8)
NOT NULL WITH
DEFAULT
FOR BIT DATA
If the GRANTEE is a package, the consistency token of the DBRM from which the package was derived. Otherwise, the value is blank. S
CAPTUREAUTH
CHAR(1)
NOT NULL WITH
DEFAULT
Not used. N
REFERENCESAUTH
CHAR(1)
NOT NULL WITH
DEFAULT
Whether the GRANTEE can create or drop referential constraints in which the table is a parent.
blank
Privilege is not held
G
Privilege held with the GRANT option
Y
Privilege held without the GRANT option
G
REFCOLS
CHAR(1)
NOT NULL WITH
DEFAULT
The value of this column is blank if the value of REFERENCESAUTH applies uniformly to all columns of the table. The value is an asterisk(*) if the value of REFERENCESAUTH applies to some columns but not to others. In this case, rows will exist in SYSIBM.SYSCOLAUTH with PRIVILEGE = R and matching timestamps that list the columns on which reference privileges have been granted. G
GRANTEDTS
TIMESTAMP
NOT NULL WITH
DEFAULT
Time when the GRANT statement was executed. G
TRIGGERAUTH
CHAR(1)
NOT NULL WITH
DEFAULT
Whether the GRANTEE can create triggers in which the table is named as the subject table:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
G
GRANTORTYPE
CHAR(1)
NOT NULL WITH
DEFAULT
Indicates the type of grantor:
blank
Authorization ID
L
Role
G