Start of change

When Db2 creates an ACEE

When no ACEE is available for the primary authorization ID, Db2 might create one in certain situations.

For example, Db2 creates an ACEE in the following situations:

  • For key label access when the ENCRYPT_DATAKEY or DECRYPT_DATAKEY_type built-in functions are used.
  • For managing tamper-proof audit policies.

After this ACEE is created, Db2 provides it for any authorization checks performed by the exit. As a result, any authorization checks completed after the creation of the ACEE might result in a different return code from the exit.

End of change