Automatic rebind authorization

If you execute a package that is marked invalid, Db2 attempts to rebind it. If the package contains static SQL statements, Db2 checks the owner for the required authorization for a successful rebind.

Begin program-specific programming interface information. If RACF® access control is used, the owner of the plan or package must be a Db2 role for the automatic rebind to complete successfully.

AUTHEXIT_CHECK subsystem parameter

An alternative is to set the AUTHEXIT_CHECK system parameter to DB2. With that setting in effect, Db2 provides the ACEE of the package owner to perform authorization checking when processing autobinds or BIND and REBIND commands. Start of change Db2 provides the ACEE of the authorization ID, as determined by the DYNAMICRULES option with bind behavior, to perform dynamic SQL authorization checking at run time. End of change The access control authorization exit uses the ACEE for XAPLUCHK for authorization checking. The XAPLUCHK authorization ID can be a user or a group in RACF. To ensure successful authorization checks with the owner ACEE, the owner authorization ID in XAPLUCHK must be permitted access to the resources in RACF. End program-specific programming interface information.