Implicit schema authority (IMPLICIT_SCHEMA) considerations
When a new database is created, PUBLIC is given IMPLICIT_SCHEMA database authority, unless the RESTRICTIVE option is specified on the CREATE DATABASE command.
With the IMPLICIT_SCHEMA authority, a user can create a schema by creating an object and specifying a schema name that does not exist. SYSIBM becomes the owner of the implicitly created schema and PUBLIC is given the privilege to create objects in this schema. When the database is restrictive, PUBLIC does not have the CREATEIN privilege on the schema. The user who implicitly creates the schema has CREATEIN privilege on the schema.
If control of who can implicitly create schema objects
is required for the database, the database must be created with the
RESTRICTIVE option specified. If the database is not restrictive,
IMPLICIT_SCHEMA database authority must be revoked from PUBLIC. In
this scenario, there are only three ways that a schema object is created:
- Any user can create a schema with their own authorization name on a CREATE SCHEMA statement.
- Any user with DBADM authority can explicitly create any schema which does not exist, and can optionally specify another user as the owner of the schema.
- Any user with DBADM authority has IMPLICIT_SCHEMA database authority, so that they can implicitly create a schema with any name at the time they are creating other database objects.