DB2 Version 9.7 for Linux, UNIX, and Windows

Using the system catalog for security information

Information about each database is automatically maintained in a set of views called the system catalog, which is created when the database is created. This system catalog describes tables, columns, indexes, programs, privileges, and other objects.

The following views and table functions list information about privileges held by users, identities of users granting privileges, and object ownership:

SYSCAT.COLAUTH
Lists the column privileges
SYSCAT.DBAUTH
Lists the database privileges
SYSCAT.INDEXAUTH
Lists the index privileges
SYSCAT.MODULEAUTH
Lists the module privileges
SYSCAT.PACKAGEAUTH
Lists the package privileges
SYSCAT.PASSTHRUAUTH
Lists the server privilege
SYSCAT.ROLEAUTH
Lists the role privileges
SYSCAT.ROUTINEAUTH
Lists the routine (functions, methods, and stored procedures) privileges
SYSCAT.SCHEMAAUTH
Lists the schema privileges
SYSCAT.SEQUENCEAUTH
Lists the sequence privileges
SYSCAT.SURROGATEAUTHIDS
Lists the authorization IDs for which another authorization ID can act as a surrogate.
SYSCAT.TABAUTH
Lists the table and view privileges
SYSCAT.TBSPACEAUTH
Lists the table space privileges
SYSCAT.VARIABLEAUTH
Lists the variable privileges
SYSCAT.WORKLOADAUTH
Lists the workload privileges
SYSCAT.XSROBJECTAUTH
Lists the XSR object privileges

Privileges granted to users by the system will have SYSIBM as the grantor. SYSADM, SYSMAINT SYSCTRL, and SYSMON are not listed in the system catalog.

The CREATE and GRANT statements place privileges in the system catalog. Users with ACCESSCTRL and SECADM authority can grant and revoke SELECT privilege on the system catalog views.

Related reference:
SYSCAT.COLAUTH catalog view
SYSCAT.DBAUTH catalog view
SYSCAT.INDEXAUTH catalog view
SYSCAT.PACKAGEAUTH catalog view
SYSCAT.PASSTHRUAUTH catalog view
SYSCAT.ROUTINEAUTH catalog view
SYSCAT.SCHEMAAUTH catalog view
SYSCAT.TABAUTH catalog view