Implicit privileges of ownership from other objects

The owner of a table space or index space in an implicitly created database has implicit privileges on these objects.

The term "other object" is used to refer to these objects. The owner of the other object can be an authorization ID or a role.

Rules for certain database and table space privileges check for ownership of the other object. If the other object is owned by an authorization ID, the RACF access control module authorizes access and returns a return code 0 in EXPLRC1 and reason code 17 in EXPLRC2. If the other object is owned by the role associated with the user, the RACF access control module authorizes access and returns a return code 0 in EXPLRC1 and reason code 18 in EXPLRC2. For information about which privileges check for ownership of the other object, see RACF authorization checking reference.

All of the information needed for these checks is included in control block DSNDXAPL, which Db2 passes to the RACF access control module. For more information on the fields involved, see Checks for implicit privileges of ownership.

If these checks fail, profile checking occurs. For details, see RACF authorization checking reference.