Privileges by authorization ID and authority

When a process gains access to Db2, it has a primary authorization ID, one or more secondary authorization IDs, an SQL ID, and perhaps a specific role if it runs in a trusted context. To be able to perform certain actions, an authorization ID or role must hold the required privileges. To perform other actions, a set of IDs or roles must hold the required privileges.

For better performance, consider limiting the number of secondary IDs in your catalog table. A process can have up to 1012 secondary IDs. The more secondary IDs that must be checked, the longer the check takes. Also, make sure that the role and the current SQL ID have the necessary privileges for dynamic SQL statements. Because the role and the current SQL ID are checked first, the operation is fastest if they have all the necessary privileges.