Data access administration authority (DATAACCESS)

DATAACCESS is the authority that allows access to data within a specific database.

DATAACCESS authority can be granted only by the security administrator (who holds SECADM authority). It can be granted to a user, a group, or a role. PUBLIC cannot obtain the DATAACCESS authority either directly or indirectly.

For all tables, views, materialized query tables, and nicknames it gives these authorities and privileges:
  • LOAD authority on the database
  • SELECT privilege (including system catalog tables and views)
  • INSERT privilege
  • UPDATE privilege
  • DELETE privilege
In addition, DATAACCESS authority provides the following privileges:
  • EXECUTE on all packages
  • Note: With the release of the Db2 security special build 41268, the DATAACCESS authority cannot execute the SYSIBMADM.UTL_DIR module unless the DB2_ALTERNATE_AUTHZ_BEHAVIOUR registry variable is set to UTL_DIR_DATAACCESS.
  • EXECUTE on all routines (except audit routines, the SET_MAINT_MODE_RECORD_NO_TEMPORALHISTORY procedure, and the encryption related routines ADMIN_ROTATE_MASTER_KEY and ADMIN_GET_ENCRYPTION_INFO)
  • EXECUTE on all modules
  • READ on all global variables and WRITE on all global variables except variables which are read-only
  • USAGE on all XSR objects
  • USAGE on all sequences