Checks for implicit privileges of ownership

The RACF access control module performs the checks for implicit privileges of ownership.

For an implicitly created database, the module must also check the ownership of other objects, such as the table space or index space. The owner of the other object in the decision is in the XAPLOOON and XAPLOOOT fields. The other object is in the XAPLOONM field. The following table shows these checks.

Table 1. Checks for implicit privileges of ownership
Type of owner (XAPLONRT)	Type of authorization ID checked (XAPLUCKT)	Checks performed	Reason code (EXPLRC2)
Authorization ID	Authorization ID	If XAPLOWAC is on, XAPLUPRM is set to the ID that Db2 performs authorization checking (XAPLUCHK) `XAPLOWNR=XAPLUCHK XAPLOWNR=XAPLUPRM` If `XAPLACAC` is on, RACF does not perform the check for `XAPLOWNR=XAPLUCHK`.	13
Authorization ID	Role	`XAPLOWNR=XAPLUPRM`	13
Role	Authorization ID	`XAPLOWNR=XAPLROLE`	16
Role	Role	If XAPLFLG1=B'1xxxxxxx': `XAPLOWNR=XAPLUCHK XAPLOWNR=XAPLROLE`	16
Role	Role	If XAPLFLG1=B'0xxxxxxx': `XAPLOWNR=XAPLUCHK`	16

Table 2. Checks for implicit privileges of ownership of table and index spaces in implicitly created databases
Type of owner (XAPLOOOT)	Type of authorization ID checked (XAPLUCKT)	Checks performed	Reason code (EXPLRC2)
Authorization ID	Authorization ID	If XAPLOWAC is on, XAPLUPRM is set to the ID that Db2 performs authorization checking (XAPLUCHK) `XAPLOOON=XAPLUCHK XAPLOOON=XAPLUPRM` If `XAPLACAC` is on, RACF does not perform the check for `XAPLOOON=XAPLCHK`.	17
Authorization ID	Role	`XAPLOOON=XAPLUPRM`	17
Role	Authorization ID	`XAPLOOON=XAPLROLE`	18
Role	Role	If XAPLFLG1=B'1xxxxxxx': `XAPLOOON=XAPLUCHK XAPLOOON=XAPLROLE`	18
Role	Role	If XAPLFLG1=B'0xxxxxxx': `XAPLOOON=XAPLUCHK`	18