User-defined function privileges

Resources: User-defined functions

Resource type: F

Db2 privileges

DISPLAY

XAPLPRIV value: DISPAUTF

Privcode 267 (x'10B')

Does the user match the schema name?

If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.

If not, does the user or the role associated with the user own the user-defined function?

If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.

If XAPLACAC is enabled (XAPLFLG2 bit 5 is '1'B ) and XAPLUCHK is an authid, suppress the ownership check for XAPLUCHK.

If not, the user must have sufficient authority to:

One of these resources: In class:
Db2-subsystem.schema-name.function-name.DISPLAY MDSNUF or GDSNUF
Db2-subsystem.SYSDBADM DSNADM
Db2-subsystem.SYSOPR DSNADM
Db2-subsystem.SYSCTRL DSNADM
Db2-subsystem.SYSADM DSNADM

EXECUTE

XAPLPRIV value: CHKEXECF

Privcode 64 (x'40')

Does the user or the role associated with the user own the specific user-defined function?

If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.

If not, the user must have sufficient authority to:

One of these resources: In class:
Db2-subsystem.schema-name.specific-function-name.EXECUTE MDSNUF or GDSNUF
Db2-subsystem.SQLADM

This check is only done for system defined routines.

MDSNSM or GDSNSM
Db2-subsystem.SYSDBADM

This check is only done for system defined routines.

DSNADM
Db2-subsystem.DATAACCESS DSNADM
Db2-subsystem.SYSADM DSNADM
Note: Start of changeIf the user-defined function has a package, the user must have sufficient authority to execute the package. See Package privileges.End of change

START

XAPLPRIV value: STRTAUTF

Privcode 265 (x'109')

Does the user match the schema name?

If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.

If not, does the user or the role associated with the user own the user-defined function?

If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.

If not, the user must have sufficient authority to:

One of these resources: In class:
Db2-subsystem.SYSDBADM DSNADM
Db2-subsystem.SYSOPR DSNADM
Db2-subsystem.SYSCTRL DSNADM
Db2-subsystem.SYSADM DSNADM

STOP

XAPLPRIV value: STPAUTF

Privcode 266 (x'10A')

Does the user match the schema name?

If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.

If not, does the user or the role associated with the user own the user-defined function?

If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.

If not, the user must have sufficient authority to:

One of these resources: In class:
Db2-subsystem.SYSDBADM DSNADM
Db2-subsystem.SYSOPR DSNADM
Db2-subsystem.SYSCTRL DSNADM
Db2-subsystem.SYSADM DSNADM