When a new database is created, PUBLIC
is given IMPLICIT_SCHEMA database authority, unless the RESTRICTIVE option
is specified on the CREATE DATABASE command.
With the IMPLICIT_SCHEMA authority, a user can
create a schema by creating an object and specifying a schema name
that does not already exist. SYSIBM becomes the owner of the implicitly
created schema and PUBLIC is given the privilege to create objects
in this schema.
If control of who can implicitly create schema objects is required
for the database, IMPLICIT_SCHEMA database authority should be revoked
from PUBLIC. Once this is done, there are only three (3) ways that
a schema object is created:
- Any user can create a schema using their own authorization name
on a CREATE SCHEMA statement.
- Any user with DBADM authority can explicitly create any schema
which does not already exist, and can optionally specify another user
as the owner of the schema.
- Any user with DBADM authority has IMPLICIT_SCHEMA
database authority, so that they can implicitly create a schema with
any name at the time they are creating other database objects. SYSIBM
becomes the owner of the implicitly created schema and PUBLIC has
the privilege to create objects in the schema.