Simplifying access authorization for routines

You can simplify authorization for routines in several ways without violating any of the authorization standards at your installation.

Procedure

Begin general-use programming interface information.To simplify authorization, consider the following strategies :

  • Have the implementer bind the user-defined function package using DYNAMICRULES define behavior.
    With this behavior in effect, Db2 only needs to check the definer's ID to execute dynamic SQL statements in the routine. Otherwise, Db2 needs to check the many different IDs that invoke the user-defined function.
  • If you have many different routines, group those routines into schemas. Then grant EXECUTE on the routines in the schema to the appropriate users.
    Users have execute authority on any functions that you add to that schema.
    To grant the EXECUTE privilege on a schema to PUBLIC, issue the following statement: 
    GRANT EXECUTE ON FUNCTION schemaname.* TO PUBLIC;
    End general-use programming interface information.