Stored procedure privileges
Resources: Stored procedures
Resource type: O
Db2 privileges
DISPLAY
XAPLPRIV value: DISPAUTO
Privcode 267 (x'10B')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the stored procedure?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.procedure-name.DISPLAY | MDSNSP or GDSNSP |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
EXECUTE
XAPLPRIV value: CHKEXECO
Privcode 64 (x'40')
Does the user or the role associated with the user own the specific stored procedure?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If XAPLACAC is enabled (XAPLFLG2 bit 5 is '1'B ) and XAPLUCHK is an authorization ID, suppress the ownership check for XAPLUCHK.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.schema-name.specific-procedure-name.EXECUTE | MDSNSP or GDSNSP |
| Db2-subsystem.SQLADM This check is performed only for system defined packages. |
MDSNSM or GDSNSM |
| Db2-subsystem.SYSDBADM This check is performed only for system defined packages. |
DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
If the stored procedure has a package, the user must have sufficient authority to execute the package. See Package privileges.
START
XAPLPRIV value: STRTAUTO
Privcode 265 (x'109')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the stored procedure?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
STOP
XAPLPRIV value: STPAUTO
Privcode 266 (x'10A')
Does the user match the schema name?
If so, XAPLUPRM or XAPLUCHK must match the schema name passed from Db2 by the XAPLOWNQ parameter.
If not, does the user or the role associated with the user own the stored procedure?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSOPR | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |