UPDATE and REFERENCES authorization on Db2 table columns

You can use the RACF access control module to handle UPDATE and REFERENCES authorizations.

The RACF access control module handles UPDATE and REFERENCES authorizations associated with columns by first checking for access to the entire table (example: table.UPDATE) and, if that is not permitted, then checking each individual column (example: table.column.UPDATE).

When performing an authorization check on a column privilege, the RACF access control module informs Db2 whether access is allowed on the whole table or through an individual column. In Db2, this check is performed using fields UPDATECOLS and REFCOLS. The RACF access control module returns a value to Db2 in output field XAPLONWT.

When the authorization check is performed on the entire table and authorization is given to the requester, the RACF access control module returns a blank (' ') in the output field XAPLONWT and sends a return code of 0.

If the authorization is given for a particular column or set of columns using a generic profile, the RACF access control module returns an asterisk ('*') in output field XAPLONWT and sends a return code of 0. Db2 provides the column name included in XAPLREL1 to the RACF access control module.
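The check order and the XAPLONWT values described above can be modelled as follows. This is an added illustration, not IBM's code: it uses the shortened resource names from this page (table.UPDATE, table.column.UPDATE), a constructed permission table, and a simplified generic match in which '*' stands for exactly one qualifier. The page does not state what is returned when access is denied, so the model returns (None, None) in that case.

```python
# Added illustration: models the table-then-column check order described on
# this page. Function names and the permission table are hypothetical.
BLANK, ASTERISK = " ", "*"        # XAPLONWT values named on the page
PRIVILEGES = ("UPDATE", "REFERENCES")


def profile_matches(profile, resource):
    """Simplified generic match (assumption): '*' covers exactly one qualifier."""
    p, r = profile.split("."), resource.split(".")
    return len(p) == len(r) and all(a == "*" or a == b for a, b in zip(p, r))


def permitted(permits, user, resource):
    """True if any profile covering the resource lists the user."""
    return any(user in users and profile_matches(profile, resource)
               for profile, users in permits.items())


def check_column_privilege(permits, user, table, column, privilege):
    """Return (return_code, XAPLONWT) for one column named by Db2."""
    if privilege not in PRIVILEGES:
        raise ValueError("only UPDATE and REFERENCES are column privileges")
    # Step 1: access to the entire table -> blank in XAPLONWT, return code 0.
    if permitted(permits, user, f"{table}.{privilege}"):
        return 0, BLANK
    # Step 2: access to the individual column -> '*' in XAPLONWT, return code 0.
    if permitted(permits, user, f"{table}.{column}.{privilege}"):
        return 0, ASTERISK
    # Denial value is not given on the page; placeholder result.
    return None, None


# Constructed sample permissions: profile name -> users permitted.
SAMPLE_PERMITS = {
    "EMP.UPDATE": {"HRADMIN"},        # whole-table UPDATE
    "EMP.PHONE.UPDATE": {"CLERK"},    # one column only
    "EMP.*.REFERENCES": {"DBDEV"},    # set of columns via a generic profile
}

if __name__ == "__main__":
    for user, col, priv in [("HRADMIN", "SALARY", "UPDATE"),
                            ("CLERK", "PHONE", "UPDATE"),
                            ("CLERK", "SALARY", "UPDATE"),
                            ("DBDEV", "SALARY", "REFERENCES")]:
        rc, onwt = check_column_privilege(SAMPLE_PERMITS, user, "EMP", col, priv)
        print(f"{user:8} EMP.{col}.{priv:10} rc={rc} XAPLONWT={onwt!r}")
```

When auditing, a user whose checks come back with '*' holds column-scoped authority only, which is the narrower grant to prefer when a requester needs to change a few columns rather than the whole table.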