Implicit privileges through object ownership

When you create a Db2 object by issuing an SQL statement, you establish its name and its ownership. By default, the owner implicitly holds certain privileges on the object.

Begin general-use programming interface information.However, this general rule does not apply to a plan or package that is not created with SQL CREATE statements. In other words, when you own an object other than a plan or package, you have implicit privileges over the object. The following table describes the implicit privileges of ownership for each type of object:

Table 1. Implicit privileges of ownership by object type
Object type Implicit privileges of ownership
Alias To drop the alias
Database DBCTRL or DBADM authority over the database, depending on the privilege (CREATEDBC or CREATEDBA) that is used to create it. DBCTRL authority does not include the privilege to access data in tables in the database.
Distinct type To use or drop a distinct type
Global variable To create, alter, comment on, use, or drop the variable.
Index To alter, comment on, or drop the index
JAR (Java™ class for a routine) To replace, use, or drop the JAR
Package To bind, rebind, free, copy, execute, drop, or comment on the package
Plan To bind, rebind, free, execute, or comment on the plan
Role To create, alter, commit, drop, or comment on the role
Sequence To alter, comment on, use, or drop the sequence
Storage group To alter or drop the group and to name it in the USING clause of a CREATE INDEX or CREATE TABLESPACE statement
Stored procedure To execute, alter, drop, start, stop, or display a stored procedure
Synonym To use or drop the synonym
Table
  • To alter or drop the table or any indexes on it
  • To lock the table, comment on it, or label it
  • To create an index or view for the table
  • To select or update any column (if there is no row permission or column mask defined or if the row permission and the column mask definition allows the access)
  • To insert, delete, select, or update any row (if there is no row permission defined or if the row permission definition allows the access)
  • To use the LOAD utility for the table
  • To define referential constraints on any table or set of columns
  • To create a trigger on the table
  • To comment on the table
Table space To alter or drop the table space and to name it in the IN clause of a CREATE TABLE statement
Trusted context To create, alter, commit, revoke, or comment on the trusted context
User-defined functions To execute, alter, drop, start, stop, or display a user-defined function
View
  • To drop, comment on, or label the view, or to select any row or column
  • To execute UPDATE, INSERT, or DELETE on the view if the view is defined with the INSTEAD OF TRIGGER clause
End general-use programming interface information.