CREATE VIEW privilege

If you have sufficient authority, you can create views for other users.

If the installation option DBADM CREATE AUTH on panel DSNTIPP (subsystem parameter DBACRVW) is set to YES during Db2 installation, users with DBADM authority for any database can create views for other users.

When a view is based on tables or a combination of tables and views from more than one database, the view creator must have DBADM for at least one database that contains a table referenced in the view.

The RACF access control module checks the user's DBADM authorization for each database in the list if the XAPLCRVW field indicates that the DBACRVW subsystem parameter is enabled, and the CREATE VIEW privilege is not allowed by the following resources:

• SYSCTRL
• SYSADM
• SYSDBADM

For implicit databases, the check is done on DSNDB04. The result of each DBADM check is placed in the XAPLDBDA field associated with each database.

If a view name is specified with an explicit qualifier, an authorization check for create view authority (CRTVUAUTT) is performed. If the explicit qualifier is a secondary authorization ID (RACF group) of the process, Db2 turns on failure suppression flag XAPLFSUP in the DSNDXAPL access control authorization exit parameter list to suppress unauthorized request message ICH408I during the CRTVUAUTT check. If the CRTVUAUTT check succeeds or the explicit qualifier is a secondary authorization ID, the view is created successfully, provided that the privilege set includes the necessary privileges to create the view.