View privileges
Resources: Views
Resource type: V
Db2 privileges
ALTER
XAPLPRIV value: ALTERAUTV
Privcode 61 (x'3D')
Does the user or the role associated with the user own the view?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
COMMENT ON
XAPLPRIV value: COMNTAUTV
Privcode 97 (x'61')
Does the user or the role associated with the user own the view?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
DELETE
XAPLPRIV value: DELETAUTV
Privcode 52 (x'34')
Is the view updatable or read-only created from a single table?
If
so, does the user or the role associated with the user own the table?
This is determined by checking the other object owner
(XAPLOOON)
and other object owner type
(XAPLOOOT) fields. XAPLOOOT contains
an L if the owner is a role and a blank if the owner
is not a role. These values must match the corresponding authorization
ID values in XAPLUCHK (authorization ID) and XAPLUCKT (type of authorization
ID). In addition, If XAPLOOOT is a blank (XAPLOOON is not a role),
then if XAPLUPRM matches XAPLOOON, the user owns the table.
If XAPLACAC is enabled (XAPLFLG2 bit 5 is '1'B ) and XAPLUCHK is an authid, suppress the ownership check for XAPLUCHK.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.table-qualifier.table-name.view-qualifier.view-name.DELETE | MDSNTB or GDSNTB |
| Db2-subsystem.database-name.DBADM | DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
- table-qualifier, table-name, and database-name are for the base table of the view.
- For an implicit database, database-name is DSNDB04.
Is the view created from multiple tables or views)?
If so, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.view-qualifier.view-name.DELETE | MDSNTB or GDSNTB |
| Db2-subsystem.SYSADM | DSNADM |
DROP
XAPLPRIV value: DROPAUTV
Privcode 73 (x'49')
Does the user or the role associated with the user own the view?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
 Db2-subsystem.Db2-database-name-n.DBADM |
DSNADM |
INSERT
XAPLPRIV value: INSRTAUTV
Privcode 51 (x'33)
Is the view updatable (for example, a view created from a single table)?
If so, does the user or the role associated
with the user own the table? This is determined by checking the other
object owner
(XAPLOOON) and other object owner type
(XAPLOOOT)
fields. XAPLOOOT contains an L if the owner is a
role and a blank if the owner is not a role. These values must match
the corresponding authorization ID values in XAPLUCHK (authorization
ID) and XAPLUCKT (type of authorization ID). In addition, If XAPLOOOT
is a blank (XAPLOOON is not a role), then if XAPLUPRM matches XAPLOOON,
the user owns the table.
If XAPLACAC is enabled (XAPLFLG2 bit 5 is '1'B ) and XAPLUCHK is an authid, suppress the ownership check for XAPLUCHK.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.table-qualifier.table-name.view-qualifier.view-name.INSERT | MDSNTB or GDSNTB |
| Db2-subsystem.database-name.DBADM | DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
- table-qualifier, table-name, and database-name are for the base table of the view.
- For an implicit database, database-name is DSNDB04.
Is the view a read-only view (for example, created from multiple tables)?
If so, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.view-qualifier.view-name.INSERT | MDSNTB or GDSNTB |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
INSTEAD OF TRIGGER
XAPLPRIV value: TRIGAUTV
Privcode 55 (x'37')
Does the user or the role associated with the user own the view?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
REGENERATE VIEW
XAPLPRIV value: ALTERAUTV
Privcode 61 (x'3D')
Does the user or the role associated with the user own the view?
If so, XAPLUPRM must match the owner name passed from Db2 by the XAPLOWNR parameter when XAPLONRT indicates an authorization ID, or XAPLUCHK must match XAPLOWNR and XAPLUCKT must match XAPLONRT.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.SYSCTRL | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
SELECT
XAPLPRIV value: SELCTAUTV
Privcode 50 (x'32')
The user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.view-qualifier.view-name.SELECT | MDSNTB or GDSNTB |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
UPDATE
XAPLPRIV value: UPDTEAUTV
Privcode 53 (x'35')
Is the view updatable (for example, a view created from a single table)?
If so, does the user or the role associated
with the user own the table? This is determined by checking the other
object owner
(XAPLOOON) and other object owner type
(XAPLOOOT)
fields. XAPLOOOT contains an L if the owner is a
role and a blank if the owner is not a role. These values must match
the corresponding authorization ID values in XAPLUCHK (authorization
ID) and XAPLUCKT (type of authorization ID). In addition, If XAPLOOOT
is a blank (XAPLOOON is not a role), then if XAPLUPRM matches XAPLOOON,
the user owns the table.
If XAPLACAC is on (XAPLFLG2 bit 5 is '1'B ), and XAPLUCHK is an authid, suppress the ownership check for XAPLUCHK.
If not, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.table-qualifier.table-name.view-qualifier.view-name.UPDATE | MDSNTB or GDSNTB |
| Db2-subsystem.table-qualifier.table-name.column-name.view-qualifier.view-name.UPDATE | MDSNTB or GDSNTB |
| Db2-subsystem.database-name.DBADM | DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
- table-qualifier, table-name, column-name, and database-name are for the base table of the view.
- For an implicit database, database-name is DSNDB04.
Is the view a read-only view (for example, created from multiple tables)?
If so, the user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.view-qualifier.view-name.UPDATE | MDSNTB or GDSNTB |
| Db2-subsystem.view-qualifier.view-name.column-name.UPDATE | MDSNTB or GDSNTB |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
"Any table" authority
XAPLPRIV value: ANYTBAUTV
Privcode 233 (x'E9')
The user must have sufficient authority to:
| One of these resources: | In class: |
|---|---|
| Db2-subsystem.view-qualifier.view-name.SELECT | MDSNTB or GDSNTB |
| Db2-subsystem.view-qualifier.view-name.INSERT | MDSNTB or GDSNTB |
| Db2-subsystem.view-qualifier.view-name.UPDATE | MDSNTB or GDSNTB |
| Db2-subsystem.view-qualifier.view-name.DELETE | MDSNTB or GDSNTB |
| Db2-subsystem.EXPLAIN | MDSNSM or GDSNSM |
| Db2-subsystem.SQLADM | MDSNSM or GDSNSM |
| Db2-subsystem.SYSDBADM | DSNADM |
| Db2-subsystem.DATAACCESS | DSNADM |
| Db2-subsystem.ACCESSCTRL This check is bypassed for user tables. |
DSNADM |
| Db2-subsystem.SYSCTRL This check is bypassed when bit 7 of XAPLFLG1 (XAPLUTB) is on. |
DSNADM |
| Db2-subsystem.SYSADM | DSNADM |
| Db2-subsystem.SECADM This check is bypassed when bit 7 of XAPLFLG1 (XAPLUTB) is on. |
DSNADM |