Authorization behaviors for dynamic SQL statements

The two key factors that influence authorization behaviors are the DYNAMICRULES value and the run time environment of a package. The combination of the DYNAMICRULES value and the run time environment determine the values for the dynamic SQL attributes. Those attribute values are called the authorization behaviors.

Begin general-use programming interface information.The DYNAMICRULES option on the BIND or REBIND command determines the values that apply at run time for the following dynamic SQL attributes:

  • The authorization ID or role that is used to check authorization
  • The qualifier that is used for unqualified objects
  • The source for application programming options that Db2 uses to parse and semantically verify dynamic SQL statements

The DYNAMICRULES option also determines whether dynamic SQL statements can include GRANT, REVOKE, ALTER, CREATE, DROP, and RENAME statements.

In addition to the DYNAMICRULES value, the run time environment of a package controls how dynamic SQL statements behave at run time. The two possible run time environments are:

  • The package runs as part of a stand-alone program.
  • The package runs as a stored procedure or user-defined function package, or runs under a stored procedure or user-defined function.

    A package that runs under a stored procedure or user-defined function is a package whose associated program meets one of the following conditions:

    • The program is called by a stored procedure or user-defined function.
    • The program is in a series of nested calls that start with a stored procedure or user-defined function.End general-use programming interface information.