View authorization

Db2 passes specific base table information to an access control authorization exit (ACAE) routine. This information helps the routine to effectively control data access through views.

Begin program-specific programming interface information.

For the DELETE and INSERT privileges, Db2 passes the schema and name of the base table in the XAPLBSCM and XAPLBSNAM fields, along with the information about the view itself. For the UPDATE privilege, Db2 additionally passes, in the XAPLBCOL field, the name of the base table column that is being updated.

For any view in a nested stack, Db2 passes the base table information in addition to that of the view itself. All the intermediate views between the base table and the view that is being processed are ignored.

When the view is not updatable, the view information is repeated in the XAPLBSCM, XAPLBSNAM, and XAPLBCOL fields. For example, if the view is defined with an INSTEAD OF trigger, the base table of the view is not updated through the view, because all processing is based on the content of the trigger package. The view information is repeated in the base table fields to facilitate any view authorization check.
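The following Python model is an added example, not IBM's or RACF's exit code. It shows how an authorization routine could use XAPLBSCM, XAPLBSNAM and XAPLBCOL, including the repeated-view case above; the `ViewRequest` class, the `view_*` names, the grant set and the policy of requiring the privilege on both the view and the base table are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ViewRequest:
    privilege: str                     # INSERT, UPDATE or DELETE
    view_schema: str                   # hypothetical name: schema of the view
    view_name: str                     # hypothetical name: name of the view
    xaplbscm: str                      # base table schema (field named on the page)
    xaplbsnam: str                     # base table name (field named on the page)
    view_column: Optional[str] = None  # hypothetical name: view column, UPDATE only
    xaplbcol: Optional[str] = None     # base table column, UPDATE only

def base_repeats_view(req):
    """True when the base fields only repeat the view (non-updatable view)."""
    return (req.xaplbscm, req.xaplbsnam) == (req.view_schema, req.view_name)

def resources_to_check(req):
    """List the (schema, name, column) resources the routine must authorize."""
    is_update = req.privilege == "UPDATE"
    checks = [(req.view_schema, req.view_name,
               req.view_column if is_update else None)]
    if not base_repeats_view(req):
        # Updatable view: the base table (and column, for UPDATE) is known.
        checks.append((req.xaplbscm, req.xaplbsnam,
                       req.xaplbcol if is_update else None))
    return checks

def authorize(req, user, grants):
    """Assumed policy: every resource needs a grant; column None = all columns."""
    for schema, name, column in resources_to_check(req):
        wanted = {(user, req.privilege, schema, name, None),
                  (user, req.privilege, schema, name, column)}
        if not wanted & grants:
            return False
    return True

# Constructed sample grants: (user, privilege, schema, object, column).
GRANTS = {
    ("ALICE", "UPDATE", "PAYROLL", "EMP_V", None),
    ("ALICE", "UPDATE", "PAYROLL", "EMP", "PHONE"),
    ("ALICE", "UPDATE", "PAYROLL", "EMP_TRG_V", None),
}
```

Because the base table column is visible to the routine, a grant on the view alone does not open every base column in this model, while a non-updatable view is decided on the view's own grant.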

When a view is created, Db2 checks whether the owner of the view has the INSERT, UPDATE, and DELETE privileges on the underlying base table. Db2 performs this check to determine what privileges should be granted to the view owner. This processing occurs whether or not an ACAE routine, like the RACF® access control module, is in effect. If an ACAE routine is in effect, the result of the Db2 authorization check does not impact the creation of the view or the privileges that the view owner gets on the view. When the view is created based on another view, the base view information is repeated in the XAPLBSCM, XAPLBSNAM, and XAPLBCOL fields.

End program-specific programming interface information.