CREATE VIEW privilege
If you have sufficient authority, you can create views for other users.
If the installation option DBADM CREATE AUTH on panel DSNTIPP (subsystem parameter DBACRVW) is set to YES during Db2 installation, users with DBADM authority for any
database can create views for other users.
When a view is based on tables or a combination of tables and views from more than one database, the view creator must have DBADM for at least one database that contains a table referenced in the view.
The RACF access control module checks the user's DBADM authorization for each database in the list if the XAPLCRVW field indicates that the DBACRVW subsystem parameter is enabled, and the CREATE VIEW privilege is not allowed by the following resources:
- SYSCTRL
- SYSADM
- SYSDBADM
For implicit databases, the check is done on DSNDB04. The result of each DBADM check is placed in the XAPLDBDA field associated with each database.
If a view name is specified with an explicit qualifier, an authorization check for create view authority (CRTVUAUTT) is performed first. If the CRTVUAUTT check fails, RACF issues unauthorized request message ICH408I. Db2 then performs another check to determine whether the explicit qualifier is a secondary authorization ID (RACF group) of the process. If the CRTVUAUTT check succeeds or the explicit qualifier is a secondary authorization ID, the view is created successfully, provided that the privilege set includes the necessary privileges to create the view.