Db2 GRANT statements

The RACF access control module does not call RACF for Db2 GRANT statement checking.

The RACF access control module provides RACF authorization checking of all privileges for all Db2 objects listed in Privilege names. When RACF is called by the RACF access control module, it does not use Db2 authorizations granted with Db2 GRANT statements; it uses only the resources you defined to RACF.

Structured Query Language (SQL) allows authorities to be held with the WITH GRANT option, which allows users to GRANT those privileges to others. The RACF access control module does not provide this support.

SQL supports the GRANT ALL privilege for any Db2 object. When you use the RACF access control module, you can issue a generic RACF PERMIT command to provide the equivalent support. The following command authorizes a user to all Db2 privileges on a Db2 table.

Example:
PERMIT Db2-subsystem.table-qualifier.table-name.* CLASS(MDSNTB) ID(userid) ACCESS(READ)
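
Because existing GRANT statements are ignored once the RACF access control module is in use, table authorizations have to be restated as RACF permissions. The following sketch is an added example, not IBM code: it converts table-level GRANT statements into PERMIT commands of the form shown above and flags WITH GRANT OPTION, which has no equivalent. The subsystem name DSN1, the function name, and the use of the page's resource pattern with a single privilege name in place of * are assumptions of the example.

```python
import re

# Table privileges this sketch accepts; ALL maps to the generic ".*" resource.
TABLE_PRIVS = {"ALTER", "DELETE", "INDEX", "INSERT",
               "REFERENCES", "SELECT", "TRIGGER", "UPDATE"}

GRANT_RE = re.compile(
    r"^\s*GRANT\s+(?P<privs>.+?)\s+ON\s+(?:TABLE\s+)?(?P<qual>\w+)\.(?P<table>\w+)"
    r"\s+TO\s+(?P<ids>.+?)(?P<wgo>\s+WITH\s+GRANT\s+OPTION)?\s*;?\s*$",
    re.IGNORECASE,
)

def grant_to_permit(stmt, subsystem):
    """Return (permit_commands, warnings) for one table-level GRANT statement."""
    m = GRANT_RE.match(stmt)
    if not m:
        raise ValueError(f"not a table GRANT this sketch understands: {stmt!r}")
    privs = [p.strip().upper() for p in m["privs"].split(",")]
    ids = [i.strip().upper() for i in m["ids"].split(",")]
    if "PUBLIC" in ids:
        # PUBLIC is not a RACF user ID; that mapping needs a manual decision.
        raise ValueError("GRANT ... TO PUBLIC must be reviewed by hand")
    warnings = []
    if m["wgo"]:
        # The RACF access control module does not support WITH GRANT OPTION.
        warnings.append("WITH GRANT OPTION dropped: no RACF equivalent")
    if privs in (["ALL"], ["ALL PRIVILEGES"]):
        suffixes = ["*"]          # generic resource, equivalent to GRANT ALL
    else:
        unknown = [p for p in privs if p not in TABLE_PRIVS]
        if unknown:               # e.g. column-level UPDATE(col) is out of scope
            raise ValueError(f"unsupported privilege(s): {unknown}")
        suffixes = privs
    resource = f"{subsystem}.{m['qual'].upper()}.{m['table'].upper()}"
    # PERMIT changes the access list of a profile that must already be defined.
    cmds = [f"PERMIT {resource}.{s} CLASS(MDSNTB) ID({uid}) ACCESS(READ)"
            for s in suffixes for uid in ids]
    return cmds, warnings

if __name__ == "__main__":
    # Constructed sample statements, not taken from a real system.
    for sql in ("GRANT ALL ON TABLE PAYROLL.EMP TO ALICE WITH GRANT OPTION;",
                "grant select, update on payroll.emp to alice, bob"):
        cmds, warns = grant_to_permit(sql, "DSN1")
        print("\n".join(cmds + [f"-- {w}" for w in warns]))
```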