Data access administration authority (DATAACCESS)

DATAACCESS is the authority that allows access to data within a specific database.

DATAACCESS authority can be granted only by the security administrator (who holds SECADM authority). It can be granted to a user, a group, or a role. PUBLIC cannot obtain the DATAACCESS authority either directly or indirectly.

For all tables, views, materialized query tables, and nicknames it gives these authorities and privileges:

LOAD authority on the database
SELECT privilege (including system catalog tables and views)
INSERT privilege
UPDATE privilege
DELETE privilege

In addition, DATAACCESS authority provides the following privileges:

EXECUTE on all packages
Note: With the release of the Db2 11.1.4.7 security special build 41268, the DATAACCESS authority cannot execute the SYSIBMADM.UTL_DIR module unless the DB2_ALTERNATE_AUTHZ_BEHAVIOUR registry variable is set to UTL_DIR_DATAACCESS.
EXECUTE on all routines (except audit routines, the SET_MAINT_MODE_RECORD_NO_TEMPORALHISTORY procedure, and the encryption related routines ADMIN_ROTATE_MASTER_KEY and ADMIN_GET_ENCRYPTION_INFO)
EXECUTE on all modules
READ on all global variables and WRITE on all global variables except variables which are read-only
USAGE on all XSR objects
USAGE on all sequences