How Db2 determines the authorization for invoking user-defined functions

Both the authorization used to invoke a user-defined function (UDF) and the authorization used for executing each SQL statement in the function influence the processing of a UDF.

The authorization that is required to invoke a user defined function depends on the whether the UDF is invoked statically or dynamically:

For static invocations, the authorization of the owner of the package that contains the invocation of the UDF is used.
For dynamic invocations, the DYNAMICRULES bind option of the package that contains the invocation of the user-defined determines the authorization that is used. For more information about how Db2 applies the DYNAMICRULES bind option, see DYNAMICRULES bind option.

Similarly, the authorization that Db2 uses to process each SQL statement inside a UDF depends on whether the statement is a static or dynamic SQL statement:

For static SQL statements, the authorization of the owner of the UDF is used.
For dynamic SQL statements, the DYNAMICRULES option of the CREATE FUNCTION statement determines the authorization that is used.