User-defined function privileges
Resources: User-defined functions
Resource type: F
Db2 privileges
DISPLAY
XAPLPRIV value: DISPAUTF
Privcode 267 (x'10B')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the user-defined function?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If XAPLACAC is enabled (XAPLFLG2 bit 5 is '1'B ) and XAPLUCHK is an authid, suppress the ownership check for XAPLUCHK.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.function-name.DISPLAY | MDSNUF or GDSNUF |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
EXECUTE
XAPLPRIV value: CHKEXECF
Privcode 64 (x'40')
Does the user or the role associated with the user own the specific user-defined function?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.specific-function-name.EXECUTE | MDSNUF or GDSNUF |
| Db2-subsystem.SQLADM This check is only done for system defined routines. |
MDSNSM or GDSNSM |
| Db2-subsystem.SYSDBADM This check is only done for system defined routines. |
DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
If the user-defined function has a package, the user must have sufficient authority to execute the package. See Package privileges.
START
XAPLPRIV value: STRTAUTF
Privcode 265 (x'109')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the user-defined function?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
STOP
XAPLPRIV value: STPAUTF
Privcode 266 (x'10A')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the user-defined function?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |