SYSPACKAUTH catalog table

The SYSPACKAUTH table records the privileges that are held by users over packages. The schema is SYSIBM.

Start of changeFL 505 SYSIBM.SYSPACKAUTH has an associated history table, SYSIBM.SYSPACKAUTH_H, which provides temporal versioning of the catalog table. Both tables contain the same columns, with the same data types. The temporal relationship must be enabled before the history table can be used. Rows in the history table can be deleted by using the REORG TABLESPACE DISCARD option. For information about enabling the temporal relationship, see Temporal versioning for Db2 security-related catalog tables.End of change

Table 1. SYSIBM.SYSPACKAUTH table column descriptions
Column name Data type Description Use
GRANTOR
VARCHAR(128)
NOT NULL
 Authorization ID of the user who granted the privilege. Could also be PUBLIC. G
GRANTEE
VARCHAR(128)
NOT NULL
 Authorization ID of the user who holds the privileges, the name of a plan that uses the privileges or PUBLIC for a grant to PUBLIC. G
LOCATION
VARCHAR(128)
NOT NULL
 Always contains blanks S
COLLID
VARCHAR(128)
NOT NULL
 Collection name for the package or packages on which the privilege was granted. G
NAME
VARCHAR(128)
NOT NULL
 Name of the package on which the privileges are held. An asterisk (*) if the privileges are held on all packages in a collection. G
CONTOKEN
CHAR(8)
NOT NULL
FOR BIT DATA
 Start of change

Consistency token for the package, as stored in the SYSPACKAGE catalog table.

The value can also be blank.

Db2 does not use this value to determine authorization for package operations such as bind, copy, or execution.

End of change		 Start of changeSEnd of change
TIMESTAMP
TIMESTAMP
NOT NULL
 Timestamp indicating when the privilege was granted. G
GRANTEETYPE
CHAR(1)
NOT NULL
 Type of grantee:
blank
An authorization ID
L
Role
P
An application plan
 G
AUTHHOWGOT
CHAR(1)
NOT NULL
 Authorization level of the user from whom the privileges were received. This authorization level is not necessarily the highest authorization level of the grantor.
blank
Not applicable
A
PACKADM (on collection *)
C
DBCTRL
D
DBADM
E
SECADM
G
ACCESSCTRL
L
SYSCTRL
M
DBMAINT
P
PACKADM (on a specific collection)
S
SYSADM
T
DATAACCESS
 G
BINDAUTH
CHAR(1)
NOT NULL
 Whether GRANTEE can use the BIND and REBIND subcommands on the package:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
COPYAUTH
CHAR(1)
NOT NULL
 Whether GRANTEE can COPY the package:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
EXECUTEAUTH
CHAR(1)
NOT NULL
 Whether GRANTEE can execute the package:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
IBMREQD
CHAR(1)
NOT NULL
 A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies.

 G
GRANTORTYPE
CHAR(1)
NOT NULL WITH
DEFAULT
 Indicates the type of grantor:
blank
Authorization ID
L
Role
 G
SYS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW BEGIN
 FL 505 Start of changeThe row-begin column of the SYSTEM_TIME period, for system-period data versioning.End of change G
SYS_END
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW END
 FL 505 Start of changeThe row-end column of the SYSTEM_TIME period, for system-period data versioning.End of change G
TRANS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS TRANSACTION
START ID
 FL 505 Start of changeThe transaction-start-ID column, for system-period data versioning.End of change G
Start of changeFL 505 GEN_SESSION_USEREnd of change Start of change
VARCHAR(128)
GENERATED ALWAYS AS (SESSION_USER)
End of change		 Start of changeThe value of the SESSION_USER special register. This column contains a null value when the value is unknown for the existing rows prior to catalog level V13R1M505.End of change Start of changeGEnd of change