Privileges and authorities

You can control access within Db2 by granting or revoking privileges and related authorities that you assign to authorization IDs or roles. A privilege enables its holder to perform a specific operation, sometimes on a specific object.

Privileges can be explicit or implicit. An explicit privilege is a specific type of privilege. Each explicit privilege has a name and is the result of a GRANT statement or a REVOKE statement. For example, the SELECT privilege on a table or view is an explicit privilege.

An implicit privilege comes from the ownership of objects, including plans and packages. For example, users are granted implicit privileges on objects that are referenced by a plan or package when they are authorized to execute the plan or package. Another example of an implicit privilege is the privilege to drop a synonym that one owns.

An administrative authority is a set of privileges, often covering a related set of objects. Authorities often include privileges that are not explicit, have no name, and cannot be specifically granted. For example, when an ID is granted the SYSOPR administrative authority, the ID is implicitly granted the ability to terminate any utility job.
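The following is an added example, not part of the original documentation. It shows an explicit privilege and the SYSOPR authority being granted, reviewed in the catalog, and revoked. The schema, table, and authorization IDs (PAYROLL.EMP_SALARY, AUDITOR1, OPER1) are hypothetical, and the catalog queries assume the Db2 for z/OS tables SYSIBM.SYSTABAUTH and SYSIBM.SYSUSERAUTH.

```sql
-- Added example; PAYROLL.EMP_SALARY, AUDITOR1 and OPER1 are hypothetical names.

-- Explicit privilege: it has a name (SELECT) and results from a GRANT statement.
GRANT SELECT ON TABLE PAYROLL.EMP_SALARY TO AUDITOR1;

-- Administrative authority: a set of privileges granted as one unit.
GRANT SYSOPR TO OPER1;

-- Review: who holds explicit SELECT on the table, and who granted it.
-- SELECTAUTH: 'Y' = held, 'G' = held with the GRANT option, blank = not held.
-- GRANTEETYPE distinguishes authorization IDs from roles and other grantee kinds.
SELECT GRANTEE, GRANTEETYPE, GRANTOR, SELECTAUTH
  FROM SYSIBM.SYSTABAUTH
 WHERE TCREATOR = 'PAYROLL'
   AND TTNAME   = 'EMP_SALARY'
   AND SELECTAUTH <> ' '
 ORDER BY GRANTEE;

-- Review: which grantees hold the SYSOPR authority, and who granted it.
SELECT GRANTEE, GRANTEETYPE, GRANTOR, SYSOPRAUTH
  FROM SYSIBM.SYSUSERAUTH
 WHERE SYSOPRAUTH <> ' '
 ORDER BY GRANTEE;

-- Remove the explicit privilege and the authority when they are no longer needed.
REVOKE SELECT ON TABLE PAYROLL.EMP_SALARY FROM AUDITOR1;
REVOKE SYSOPR FROM OPER1;
```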

The phrase "privilege set of a process" means the entire set of privileges and authorities that can be used by a process (which is represented by one or more authorization IDs) in a specific situation.