Authorization Control Detail (Type AUTHCNTL)
This topic shows detailed information about Authorization
Control Detail (Type AUTHCNTL)
.
When you select AUTHCNTL, the data is retrieved from IFCID 141 or 361, and the following fields are printed:
For the GRANTOR (IFCID 141)
GRANTOR: JUB OWNER TYPE: ROLE
REASON: N/P SQLCODE: 0
OBJECT TYPE: TAB/VIEW
TEXT: GRANT INSERT ON TABLE JUB.AUDTB1 TO PUBLIC
- GRANTOR or REVOKER
- The authorization ID of the user who issued the GRANT or REVOKE.
This field is blank if the BY clause is used in a REVOKE statement.
- OWNER TYPE
- The authorization type of the owner. Possible values are:
- ROLE
- A role is used.
- PRIM/SECOND AUTHID
- The user ID of the primary or the secondary authorization ID is used.
- N/P
- Not present. A blank is shown in the performance database.
- REASON
-
The reason why access was granted.
In the Audit report set this field is only valid for GRANTs. It indicates the authorization level of the grantor. For REVOKEs and unsuccessful GRANTs, N/A is printed.
Possible values are:- PACKADMA (abbreviation for PACKADM ON ALL COLLECTIONS)
- DBCTRL
- DBADM
- SECADM
- ACCCTRL (abbreviation for ACCESSCTRL)
- SYSCTRL
- DBMAINT
- SYSOPR
- PACKADMS (abbreviation for PACKADM ON A SPECIFIC COLLECTION-ID)
- SYSADM
- SQLCODE
- The SQL return code from the GRANT or REVOKE operation.
- OBJECT TYPE
- The DB2® object type. Possible values are:
- BUFFER
- Buffer Pool
- COLLECT
- Collection
- DATABASE
- Database
- DISTTYPE
- Distinct Type
- FUNCTION
- Function
- PACKAGE
- Package
- SCHEMA
- Schema
- PROCEDUR
- Procedure
- APPLPLAN
- Application Plan
- LOBTS
- Large objects table space
- STOGROUP
- Storage Group
- TAB/VIEW
- Table or View
- USERAUTH
- System privileges, such as SYSADM or SYSOPR
- SEQUENCE
- Sequence
- ACEE
- Access control environment element
- ROW
- Row
- TEXT
- The SQL statement text associated with the GRANT or REVOKE. Long SQL text can be truncated.
For the authorization ID (AUTHID) (IFCID 361)
AUTHCNTL AUTH TYPE: SYSADM
PRIV CHECKED: EXECUTE OBJECT TYPE: PACKAGE
AUTHID: SYSADM
SOURCE OBJECT
QUALIFIER: DSNTEP3
NAME: DSNTEP3
TARGET OBJECT
QUALIFIER: N/P
NAME: N/P
OTHER OBJECT
NAME: N/P
TEXT: N/P
Or
ROLE instead of AUTHID: AUTH TYPE: xxxxxxxxxxxxxxx
PRIV CHECKED: xxxxxxxxxxxxxxx OBJECT TYPE: xxxxxxxx
ROLE: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
SOURCE OBJECT
QUALIFIER: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
NAME: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
TARGET OBJECT
QUALIFIER: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
NAME: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
OTHER OBJECT
NAME: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
TEXT: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxx
- AUTH TYPE
-
The authority type.
Possible values are:- SYSDBADM (System DBADM)
- DBCTRL
- DBADM
- SECADM
- ACCSCTRL (ACCESSCTRL)
- SYSADMI (Installation SYSADM)
- SQLADM
- SYSCTRL
- DBMAINT
- SYSOPR
- PACKADM
- SYSOPRI (Installation SYSOPR)
- SYSADM
- DATAACCS (DATAACCESS)
- USER
- PRIV CHECKED
-
The privilege that was checked. Possible values are provided in the DB2 macro DSNDQW05.
- OBJECT TYPE
-
The DB2 object type.
Possible values are:- ACEE
- BUFFER (Bufferpool)
- COLLECT (Collection)
- DATABASE
- DISTTYPE (Distinct Type)
- FUNCTION
- SESSIONV (Session Variable)
- JAR
- PACKAGE
- ROLE
- SCHEMA
- TRUSTCTX (Trusted Context)
- PROCEDUR (Procedure)
- APPLPLAN (Application Plan)
- LOBTS (LOB Tablespace)
- STOGROUP (Storage Group)
- TAB/VIEW (Table or View)
- USERAUTH (User Auth)
- SEQUENCE
- ROW
- AUTHID or ROLE
-
The authorization ID or the role that has the authority.
- SOURCE OBJECT - QUALIFIER
-
The source object qualifier or owner.
- SOURCE OBJECT - NAME
-
The source object name.
- TARGET OBJECT - QUALIFIER
-
The target object qualifier or owner.
- TARGET OBJECT - NAME
-
The target object name.
- OTHER OBJECT - NAME
-
The other object name or subsystem parameter.
- TEXT
-
The SQL statement (truncated at 4000 bytes).