Authorization Control Detail (Type AUTHCNTL)

This topic shows detailed information about Authorization Control Detail (Type AUTHCNTL).

When you select AUTHCNTL, the data is retrieved from IFCID 141 or 361, and the following fields are printed:

For the GRANTOR (IFCID 141)

GRANTOR: JUB        OWNER TYPE: ROLE                               
                    REASON: N/P                    SQLCODE:     0  
OBJECT TYPE: TAB/VIEW                                              
TEXT: GRANT INSERT ON TABLE JUB.AUDTB1 TO PUBLIC                   
GRANTOR or REVOKER
The authorization ID of the user who issued the GRANT or REVOKE.

This field is blank if the BY clause is used in a REVOKE statement.

OWNER TYPE
The authorization type of the owner. Possible values are:
ROLE
A role is used.
PRIM/SECOND AUTHID
The user ID of the primary or the secondary authorization ID is used.
N/P
Not present. A blank is shown in the performance database.
REASON

The reason why access was granted.

In the Audit report set this field is only valid for GRANTs. It indicates the authorization level of the grantor. For REVOKEs and unsuccessful GRANTs, N/A is printed.

Possible values are:
  • PACKADMA (abbreviation for PACKADM ON ALL COLLECTIONS)
  • DBCTRL
  • DBADM
  • SECADM
  • ACCCTRL (abbreviation for ACCESSCTRL)
  • SYSCTRL
  • DBMAINT
  • SYSOPR
  • PACKADMS (abbreviation for PACKADM ON A SPECIFIC COLLECTION-ID)
  • SYSADM
SQLCODE
The SQL return code from the GRANT or REVOKE operation.
OBJECT TYPE
The DB2® object type. Possible values are:
BUFFER
Buffer Pool
COLLECT
Collection
DATABASE
Database
DISTTYPE
Distinct Type
FUNCTION
Function
PACKAGE
Package
SCHEMA
Schema
PROCEDUR
Procedure
APPLPLAN
Application Plan
LOBTS
Large objects table space
STOGROUP
Storage Group
TAB/VIEW
Table or View
USERAUTH
System privileges, such as SYSADM or SYSOPR
SEQUENCE
Sequence
ACEE
Access control environment element
ROW
Row
TEXT
The SQL statement text associated with the GRANT or REVOKE. Long SQL text can be truncated.

For the authorization ID (AUTHID) (IFCID 361)

AUTHCNTL AUTH TYPE:          SYSADM
         PRIV CHECKED:       EXECUTE                 OBJECT TYPE:       PACKAGE
         AUTHID:             SYSADM
         SOURCE OBJECT
          QUALIFIER:         DSNTEP3
          NAME:              DSNTEP3
         TARGET OBJECT
          QUALIFIER:         N/P
          NAME:              N/P
         OTHER OBJECT
          NAME:              N/P
         TEXT:               N/P                                                              
Or ROLE instead of AUTHID:
AUTH TYPE:     xxxxxxxxxxxxxxx                                                   
PRIV CHECKED:  xxxxxxxxxxxxxxx                       OBJECT TYPE:       xxxxxxxx 
ROLE:          xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                    
SOURCE OBJECT                                                                    
 QUALIFIER:    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                    
 NAME:         xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                    
TARGET OBJECT                                                                    
 QUALIFIER:    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                    
 NAME:         xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                    
OTHER OBJECT                                                                    
 NAME:         xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx  
TEXT:          xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
               xxxxxxxxxxxxxx                                                                   
AUTH TYPE

The authority type.

Possible values are:
  • SYSDBADM (System DBADM)
  • DBCTRL
  • DBADM
  • SECADM
  • ACCSCTRL (ACCESSCTRL)
  • SYSADMI (Installation SYSADM)
  • SQLADM
  • SYSCTRL
  • DBMAINT
  • SYSOPR
  • PACKADM
  • SYSOPRI (Installation SYSOPR)
  • SYSADM
  • DATAACCS (DATAACCESS)
  • USER
PRIV CHECKED

The privilege that was checked. Possible values are provided in the DB2 macro DSNDQW05.

OBJECT TYPE

The DB2 object type.

Possible values are:
  • ACEE
  • BUFFER (Bufferpool)
  • COLLECT (Collection)
  • DATABASE
  • DISTTYPE (Distinct Type)
  • FUNCTION
  • SESSIONV (Session Variable)
  • JAR
  • PACKAGE
  • ROLE
  • SCHEMA
  • TRUSTCTX (Trusted Context)
  • PROCEDUR (Procedure)
  • APPLPLAN (Application Plan)
  • LOBTS (LOB Tablespace)
  • STOGROUP (Storage Group)
  • TAB/VIEW (Table or View)
  • USERAUTH (User Auth)
  • SEQUENCE
  • ROW
AUTHID or ROLE

The authorization ID or the role that has the authority.

SOURCE OBJECT - QUALIFIER

The source object qualifier or owner.

SOURCE OBJECT - NAME

The source object name.

TARGET OBJECT - QUALIFIER

The target object qualifier or owner.

TARGET OBJECT - NAME

The target object name.

OTHER OBJECT - NAME

The other object name or subsystem parameter.

TEXT

The SQL statement (truncated at 4000 bytes).