Schema privileges
Resources: Schemas
Resource type: M
Db2 privileges
ALTERIN
XAPLPRIV value: ALTINAUTM
Privcode 252 (x'FC')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the object?
If so, XAPLUPRM must match the owner name of the object being altered passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.object-name.ALTERIN | MDSNSC or GDSNSC |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
CHANGE NAME QUALIFIER
XAPLPRIV value: QUALAUTM
Privcode 76 (x'4C')
If the object owner is passed from Db2 in the XAPLOWNR parameter, and the user or the role that is associated with the user owns the object, the XAPLUPRM value must match the owner name in the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or the XAPLUCHK value must match the XAPLOWNR value, and the XAPLUCKT value must match the XAPLONRT value.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
| Note: No RACF audit record or ICH408I message is generated
for a failure related to this privilege. RACF will audit successes, if specified.
|
|
COMMENT ON
XAPLPRIV value: COMNTAUTM
Privcode 97 (x'61')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the object?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.object-name.ALTERIN | MDSNSC or GDSNSC |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
CREATEIN
XAPLPRIV value: CREINAUTM
Privcode 261 (x'105')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOBJN parameter.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.CREATEIN | MDSNSC or GDSNSC |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
DROPIN
XAPLPRIV value: DRPINAUTM
Privcode 262 (x'106')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user own the object?
If so, XAPLUPRM or XAPLUCHK must match the owner name passed from Db2 by the XAPLOWNR parameter.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.object-name.DROPIN | MDSNSC or GDSNSC |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |