Using the system catalog for security information
Information about each database is automatically maintained in a set of views called the system catalog, which is created when the database is created. This system catalog describes tables, columns, indexes, programs, privileges, and other objects.
The following views and table functions list information about privileges held by users, identities of users granting privileges, and object ownership:
- SYSCAT.COLAUTH
  - Lists the column privileges
- SYSCAT.DBAUTH
  - Lists the database privileges
- SYSCAT.INDEXAUTH
  - Lists the index privileges
- SYSCAT.MODULEAUTH
  - Lists the module privileges
- SYSCAT.PACKAGEAUTH
  - Lists the package privileges
- SYSCAT.PASSTHRUAUTH
  - Lists the server privilege
- SYSCAT.ROLEAUTH
  - Lists the role privileges
- SYSCAT.ROUTINEAUTH
  - Lists the routine (functions, methods, and stored procedures) privileges
- SYSCAT.SCHEMAAUTH
  - Lists the schema privileges
- SYSCAT.SEQUENCEAUTH
  - Lists the sequence privileges
- SYSCAT.SURROGATEAUTHIDS
  - Lists the authorization IDs for which another authorization ID can act as a surrogate.
- SYSCAT.TABAUTH
  - Lists the table and view privileges
- SYSCAT.TBSPACEAUTH
  - Lists the table space privileges
- SYSCAT.VARIABLEAUTH
  - Lists the variable privileges
- SYSCAT.WORKLOADAUTH
  - Lists the workload privileges
- SYSCAT.XSROBJECTAUTH
  - Lists the XSR object privileges
Privileges granted to users by the system have SYSIBM as the grantor. SYSADM, SYSMAINT, SYSCTRL, and SYSMON are not listed in the system catalog.
The CREATE and GRANT statements place privileges in the system catalog. Users with ACCESSCTRL and SECADM authority can grant and revoke SELECT privilege on the system catalog views.
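The following queries are an added example, not part of the original documentation. They show how these views can be used in a privilege review: the first lists who holds SELECT on the SYSCAT catalog views and who granted it, and the second lists database authorities that were granted by someone other than the system. They assume the column layout of SYSCAT.TABAUTH and SYSCAT.DBAUTH in current Db2 releases.

```sql
-- Added example: review read access to the catalog views themselves.
-- SELECTAUTH: 'Y' = privilege held, 'G' = held and grantable to others.
-- GRANTEETYPE: 'U' = user, 'G' = group, 'R' = role.
SELECT GRANTEE,
       GRANTEETYPE,
       GRANTOR,
       TABNAME,
       SELECTAUTH
FROM   SYSCAT.TABAUTH
WHERE  TABSCHEMA = 'SYSCAT'
  AND  SELECTAUTH IN ('Y', 'G')
ORDER  BY GRANTEE, TABNAME;

-- Added example: database authorities granted explicitly with GRANT.
-- Rows whose grantor is SYSIBM were granted by the system and are
-- filtered out, leaving only the grants made by an authorization ID.
SELECT GRANTEE,
       GRANTEETYPE,
       GRANTOR,
       DBADMAUTH,
       SECURITYADMAUTH,
       ACCESSCTRLAUTH,
       DATAACCESSAUTH
FROM   SYSCAT.DBAUTH
WHERE  GRANTOR <> 'SYSIBM'
  AND  'Y' IN (DBADMAUTH, SECURITYADMAUTH, ACCESSCTRLAUTH, DATAACCESSAUTH)
ORDER  BY GRANTEE;
```

Because SYSADM, SYSMAINT, SYSCTRL, and SYSMON are not listed in the system catalog, neither query reports holders of those authorities.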