SYSROUTINEAUTH catalog table

The SYSROUTINEAUTH table records the privileges that are held by users on routines. (A routine can be a user-defined function, cast function, or stored procedure.) The schema is SYSIBM.

Start of changeFL 505 SYSIBM.SYSROUTINEAUTH has an associated history table, SYSIBM.SYSROUTINEAUTH_H, which provides temporal versioning of the catalog table. Both tables contain the same columns, with the same data types. The temporal relationship must be enabled before the history table can be used. Rows in the history table can be deleted by using the REORG TABLESPACE DISCARD option. For information about enabling the temporal relationship, see Temporal versioning for Db2 security-related catalog tables.End of change

Table 1. SYSIBM.SYSROUTINEAUTH table column descriptions
Column name Data type Description Use
GRANTOR
VARCHAR(128)
NOT NULL
 Authorization ID of the user who granted the privilege. G
GRANTEE
VARCHAR(128)
NOT NULL
 Authorization ID of the user who holds the privilege or the name of a plan or package that uses the privilege. Can also be PUBLIC for a grant to PUBLIC. G
SCHEMA
VARCHAR(128)
NOT NULL
 Schema of the routine G
SPECIFICNAME
VARCHAR(128)
NOT NULL
 Specific name of the routine. An asterisk (*) if the privilege is held on all routines in the schema. G
GRANTEDTS
TIMESTAMP
NOT NULL
 Time when the GRANT statement was executed. G
ROUTINETYPE
CHAR(1)
NOT NULL
 Type of routine:
F
User-defined function or cast function
P
Stored procedure
 G
GRANTEETYPE
CHAR(1)
NOT NULL
 Type of grantee:
blank
An authorization ID
L
Role
P
An application plan or package. The grantee is a package if COLLID is not blank.
R
Internal use only
 G
AUTHHOWGOT
CHAR(1)
NOT NULL
 Authorization level of the user from whom the privileges were received. This authorization level is not necessarily the highest authorization level of the grantor.
This field is also used to indicate that the privilege was held on all schemas by the grantor.
blank
Not applicable
1
Grantor had privilege on schema.* at time of grant
E
SECADM
G
ACCESSCTRL
L
SYSCTRL
S
SYSADM
T
DATAACCESS
 G
EXECUTEAUTH
CHAR(1)
NOT NULL
 Whether GRANTEE can execute the routine:
Y
Privilege is held without GRANT option.
G
Privilege is held with GRANT option.
 G
COLLID
VARCHAR(128)
NOT NULL
 If the GRANTEE is a package, its collection name. Otherwise, the value is blank. G
CONTOKEN
CHAR(8)
NOT NULL
FOR BIT DATA
 If the GRANTEE is a package, the consistency token of the DBRM from which the package was derived. Otherwise, the value is blank. G
IBMREQD
CHAR(1)
NOT NULL
A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies.

 G
GRANTORTYPE
CHAR(1)
NOT NULL WITH
DEFAULT
 Indicates the type of grantor:
blank
Authorization ID
L
Role
 G
SYS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW BEGIN
 FL 505 Start of changeThe row-begin column of the SYSTEM_TIME period, for system-period data versioning.End of change G
SYS_END
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW END
 FL 505 Start of changeThe row-end column of the SYSTEM_TIME period, for system-period data versioning.End of change G
TRANS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS TRANSACTION
START ID
 FL 505 Start of changeThe transaction-start-ID column, for system-period data versioning.End of change G
Start of changeFL 505 GEN_SESSION_USEREnd of change Start of change
VARCHAR(128)
GENERATED ALWAYS AS (SESSION_USER)
End of change		 Start of changeThe value of the SESSION_USER special register. This column contains a null value when the value is unknown for the existing rows prior to catalog level V13R1M505.End of change Start of changeGEnd of change