Db2 administrative authorities and object names
The RACF access control module constructs the RACF resource name using information that is passed in XAPLOBJN, XAPLOWNQ, or XAPLREL2.
The content of these fields depends on the input object type, XAPLTYPE.
These checks are made using profiles in the Db2 administrative authority class DSNADM. Db2 also includes the SQLADM administrative authority in the systems class MDSNSM GDSNSM.
This table lists the Db2 administrative authorities and the associated RACF object qualifiers:
| Administrative authority | RACF object qualifier |
|---|---|
| ACCESSCTRL | — |
| DATAACCESS | — |
| DBADM | database-name |
| DBCTRL | database-name |
| DBMAINT | database-name |
| PACKADM | collection-ID |
| SECADM | — |
| SQLADM | — |
| SYSADM | — |
| SYSCTRL | — |
| SYSDBADM | — |
| SYSOPR | — |
Note: The format of the Db2 object
names is defined by Db2.