CREATE ALIAS privilege

Users with DBADM or DBCTRL privilege for a database can create aliases for other users.

If the installation option DBADM CREATE AUTH on panel DSNTIPP (subsystem parameter DBACRVW) is set to YES during Db2 installation, users with DBADM or DBCTRL privilege for a database can create aliases for other users.

The RACF access control module checks the user's DBADM and DBCTRL authorization for the database if the XAPLCRVW field indicates that the DBACRVW subsystem parameter is enabled, and the CREATE ALIAS privilege is not allowed by the following resources:

SYSCTRL
SYSADM
SYSDBADM

The result of each DBADM and DBCTRL check is placed in the XAPLDBDA field associated with each database.

Start of change If an alias name is specified with an explicit qualifier, an authorization check for system authority (DB2AAUTH) is performed. If the explicit qualifier is a secondary authorization ID (RACF group) of the process, Db2 turns on failure suppression flag XAPLFSUP in the DSNDXAPL access control authorization exit parameter list to suppress unauthorized request message ICH408I during the DB2AAUTH check. If the DB2AAUTH check succeeds or the explicit qualifier is a secondary authorization ID, the alias is created successfully, provided that the privilege set includes the necessary privileges to create the alias. End of change