SYSSCHEMAAUTH catalog table

The SYSSCHEMAAUTH table contains one or more rows for each user that is granted a privilege on a particular schema in the database. The schema is SYSIBM.

Start of changeFL 505 SYSIBM.SYSSCHEMAAUTH has an associated history table, SYSIBM.SYSSCHEMAAUTH_H, which provides temporal versioning of the catalog table. Both tables contain the same columns, with the same data types. The temporal relationship must be enabled before the history table can be used. Rows in the history table can be deleted by using the REORG TABLESPACE DISCARD option. For information about enabling the temporal relationship, see Temporal versioning for Db2 security-related catalog tables.End of change

Table 1. SYSIBM.SYSSCHEMAAUTH table column descriptions
Column name Data type Description Use
GRANTOR
VARCHAR(128)
NOT NULL
 Authorization ID of the user who granted the privileges or SYSADM. G
GRANTEE
VARCHAR(128)
NOT NULL
 Authorization ID of the user or group who holds the privileges. Can also be PUBLIC for a grant to PUBLIC. G
SCHEMANAME
VARCHAR(128)
NOT NULL
 Name of the schema or '*' for all schemas. G
AUTHHOWGOT
CHAR(1)
NOT NULL
 Authorization level of the user from whom the privileges were received. This authorization level is not necessarily the highest authorization level of the grantor.
This field is also used to indicate that the privilege was held on all schemas by the grantor.
1
Grantor had privilege on all schemas at time of grant
E
SECADM
G
ACCESSCTRL
L
SYSCTRL
S
SYSADM
 G
CREATEINAUTH
CHAR(1)
NOT NULL
 Indicates whether grantee holds CREATEIN privilege on the schema:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
ALTERINAUTH
CHAR(1)
NOT NULL
 Indicates whether grantee holds ALTERIN privilege on the schema:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
DROPINAUTH
CHAR(1)
NOT NULL
 Indicates whether grantee holds DROPIN privilege on the schema:
blank
Privilege is not held
G
Privilege is held with the GRANT option
Y
Privilege is held without the GRANT option
 G
GRANTEDTS
TIMESTAMP
NOT NULL
 Time when the GRANT statement was executed. G
IBMREQD
CHAR(1)
NOT NULL
 A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies.

 G
GRANTEETYPE
CHAR(1)
NOT NULL WITH
DEFAULT
 Indicates the type of grantee:
blank
Authorization ID
L
Role
 G
GRANTORTYPE
CHAR(1)
NOT NULL WITH
DEFAULT
 Indicates the type of grantor:
blank
Authorization ID
L
Role
 G
SYS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW BEGIN
 FL 505 Start of changeThe row-begin column of the SYSTEM_TIME period, for system-period data versioning.End of change G
SYS_END
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW END
 FL 505 Start of changeThe row-end column of the SYSTEM_TIME period, for system-period data versioning.End of change G
TRANS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS TRANSACTION
START ID
 FL 505 Start of changeThe transaction-start-ID column, for system-period data versioning.End of change G
Start of changeFL 505 GEN_SESSION_USEREnd of change Start of change
VARCHAR(128)
GENERATED ALWAYS AS (SESSION_USER)
End of change		 Start of changeThe value of the SESSION_USER special register. This column contains a null value when the value is unknown for the existing rows prior to catalog level V13R1M505.End of change Start of changeGEnd of change