Role-based access control within Db2

A privilege enables the user of an ID to execute certain SQL statements or to access the objects of another user. A role groups the privileges together so that they can be simultaneously granted to and revoked from multiple users.

A role is a database object that is created in Db2. It is defined through the SQL CREATE ROLE statement and a trusted connection. A role cannot be used outside of a trusted context unless the user in a role grants privileges to an ID.
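The following SQL is an added example, not part of the original page. It shows a role being created, given privileges, and made usable through a trusted context. It uses Db2 for z/OS syntax; the role, table, context, authorization IDs and IP address are hypothetical names chosen for illustration.

```sql
-- Added example: all object names, IDs and the address below are hypothetical.

-- 1. Create the role. It holds no privileges until they are granted to it.
CREATE ROLE PAYROLL_CLERK;

-- 2. Grant privileges to the role rather than to individual IDs.
GRANT SELECT, UPDATE ON TABLE HR.PAYROLL TO ROLE PAYROLL_CLERK;

-- 3. Define the trusted context that makes the role usable.
--    Only connections from system authid APPSRV1 at the listed address
--    are trusted. The default role applies to the connection; JOE may
--    switch in on that connection only after authenticating.
CREATE TRUSTED CONTEXT CTX_PAYROLL
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV1
  ATTRIBUTES (ADDRESS '192.0.2.10',
              ENCRYPTION 'HIGH')
  DEFAULT ROLE PAYROLL_CLERK
  ENABLE
  WITH USE FOR JOE ROLE PAYROLL_CLERK WITH AUTHENTICATION;

-- 4. Review: table privileges held by roles (GRANTEETYPE 'L' marks a role).
SELECT GRANTEE, TCREATOR, TTNAME, SELECTAUTH, UPDATEAUTH
  FROM SYSIBM.SYSTABAUTH
 WHERE GRANTEETYPE = 'L'
   AND GRANTEE = 'PAYROLL_CLERK';

-- 5. Review: which trusted contexts hand out this role by default.
SELECT NAME, SYSTEMAUTHID, DEFAULTROLE, ENABLED
  FROM SYSIBM.SYSCONTEXT
 WHERE DEFAULTROLE = 'PAYROLL_CLERK';

-- 6. Revoking from the role removes the privilege for every user who
--    acquires it through the role, in one statement.
REVOKE UPDATE ON TABLE HR.PAYROLL FROM ROLE PAYROLL_CLERK;
```

Keeping the ATTRIBUTES clause as narrow as possible (specific address, encryption required) limits where the role's privileges can be exercised.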