
Understanding DB2 Object Privileges, Part 1


In this three-part series, we examine the various object privileges provided in DB2.

 

Editor's note: This article is an excerpt from the book DB2 10.1 Fundamentals: Certification Study Guide (Exam 610) (MC Press, May 2014).

 

In DB2 for Linux, UNIX, and Windows and DB2 for z/OS, privileges convey the right to perform certain actions against specific database resources. Two distinct types of privileges exist: database and object. Database privileges apply to a database as a whole and control which actions a user is allowed to perform against a particular database. Object privileges, on the other hand, apply to specific database objects (for example, tables, indexes, and views).

 

Because the nature of each database object varies, the individual privileges that exist for each object differ. In this three-part series, we examine the various object privileges provided in DB2.

The Authorization ID Privilege (DB2 for Linux, UNIX, and Windows Only)

 

The authorization ID privilege lets a user set the session authorization ID to one of a set of specified authorization IDs available (by executing the SET SESSION AUTHORIZATION statement). Only one authorization ID privilege exists: the SETSESSIONUSER privilege.

Buffer Pool Privileges (DB2 for z/OS Only)

 

Buffer pool privileges control what users can and cannot do with a particular buffer pool. (A buffer pool is a portion of memory that has been allocated to DB2 for the purpose of caching table and index data as it is read from disk.) The following buffer pool privileges are available:

 

  • USE OF BUFFERPOOL: Allows a user to use a certain buffer pool.
  • USE OF ALL BUFFERPOOLS: Allows a user to use every buffer pool available.

The Table Space Privilege

The table space privilege controls what users can and cannot do with a particular table space. (Table spaces control where data in a database physically resides.) Only one table space privilege exists—the USE (or USE OF TABLESPACE) privilege, which, when granted, lets a user use a certain table space.

 

Note: In DB2 for Linux, UNIX, and Windows environments, the USE privilege cannot be used to give an individual the ability to create tables in the system catalog table space or in any temporary table spaces that might exist.

The Storage Group Privilege (DB2 for z/OS Only)

 

The storage group privilege controls what users can and cannot do with a particular storage group. (With DB2 for z/OS, a storage group refers to a set of volumes on disks that holds the data sets in which tables and indexes are stored.) Only one storage group privilege exists—the USE (or USE OF STOGROUP) privilege, which, when granted, lets a user use a certain storage group.

 

Schema Privileges

Schema privileges control what users can and cannot do with a particular schema. (A schema is an object that is used to logically classify and group other objects in the database; most objects are identified by using a naming convention that consists of a schema name, followed by a period, followed by the object name.) The following schema privileges are available:

  • CREATEIN: Allows a user to create objects within a certain schema.
  • ALTERIN: Allows a user to change the comment associated with any object in a certain schema or alter any object that resides in the schema.
  • DROPIN: Allows a user to remove (drop) any object within a certain schema.

With DB2 for Linux, UNIX, and Windows, the objects that can be manipulated within a schema include tables, views, indexes, packages, data types, functions, triggers, procedures, and aliases. With DB2 for z/OS, those objects consist of distinct data types, UDFs, triggers, and procedures.

 

Table Privileges

Table privileges control what users can and cannot do with a particular table in a database. (A table is a logical structure that presents data as a collection of unordered rows with a fixed number of columns.) The following table privileges are available:

  • CONTROL: Provides a user with all table privileges available. With this privilege, a user can remove (drop) a certain table from the database, execute the RUNSTATS and REORG commands against the table, execute the SET INTEGRITY statement against the table, and grant and revoke individual table privileges (with the exception of the CONTROL privilege) to/from others. (This privilege is available with DB2 for Linux, UNIX, and Windows only.)
  • ALTER: Allows a user to change a certain table’s definition and/or the comment associated with the table as well as create or drop a table constraint.
  • SELECT: Allows a user to retrieve data from a certain table as well as create a view that references the table.
  • INSERT: Allows a user to add data to a certain table.
  • UPDATE: Allows a user to modify data in a certain table. (This privilege can apply to the entire table or be limited to specific columns within the table.)
  • DELETE: Allows a user to remove data from a certain table.
  • INDEX: Allows a user to create an index for a certain table.
  • REFERENCES: Allows a user to create and drop foreign key constraints that reference a certain table in a referential integrity constraint. (This privilege can apply to the entire table or be limited to specific columns within the table, in which case a user can only create and drop referential constraints that reference the columns identified.)
  • TRIGGER: Allows a user to create triggers for a certain table. (This privilege is available with DB2 for z/OS only.)

View Privileges

View privileges control what users can and cannot do with a particular view. (A view is a virtual table that provides an alternative way of working with data that physically resides in one or more base tables; views are frequently used to limit access to specific columns in a table.) The following view privileges are available:

  • CONTROL: Provides a user with all view privileges available. With this privilege, a user can remove (drop) a certain view from the database as well as grant and revoke individual view privileges (with the exception of the CONTROL privilege) to/from others. (This privilege is available with DB2 for Linux, UNIX, and Windows only.)
  • SELECT: Allows a user to use a certain view to retrieve data from its underlying base table(s).
  • INSERT: Allows a user to use a certain view to add data to its underlying base table(s).
  • UPDATE: Allows a user to use a certain view to modify data in its underlying base table(s). (This privilege can apply to the entire view or be limited to specific columns within the view.)
  • DELETE: Allows a user to use a certain view to remove data from its underlying base table(s).

 

It is important to note that with DB2 for Linux, UNIX, and Windows, the owner of a view will receive CONTROL privilege for that view only if they hold CONTROL privilege for every base table the view references.

 

Note: To create a view, a user must hold, at a minimum, SELECT privilege on each base table the view references.
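The schema, table, and view privileges described above can be combined into a least-privilege layout. The following is an added example for DB2 for Linux, UNIX, and Windows, not taken from the book; the schema HR, the table HR.EMPLOYEE, the view HR.EMPLOYEE_DIR, and the authorization IDs APPDEV, HELPDESK, and PAYROLL are all hypothetical.

```sql
-- Added example; every object name and authorization ID is constructed.
-- Run as a user allowed to create the schema and its objects.

CREATE SCHEMA HR;

CREATE TABLE HR.EMPLOYEE (
    EMPNO   INTEGER      NOT NULL PRIMARY KEY,
    NAME    VARCHAR(60)  NOT NULL,
    PHONE   VARCHAR(20),
    SALARY  DECIMAL(9,2)
);

-- The view exposes only the non-sensitive columns. Its definer needs at
-- least SELECT on HR.EMPLOYEE, and receives CONTROL on the view only when
-- holding CONTROL on the base table (true here: the same user created both).
CREATE VIEW HR.EMPLOYEE_DIR AS
    SELECT EMPNO, NAME, PHONE
    FROM   HR.EMPLOYEE;

-- HELPDESK works through the view only: it can read the directory columns
-- and change PHONE, and holds no privilege on the base table, so a direct
-- query against HR.EMPLOYEE (including SALARY) is rejected.
GRANT SELECT         ON HR.EMPLOYEE_DIR TO USER HELPDESK;
GRANT UPDATE (PHONE) ON HR.EMPLOYEE_DIR TO USER HELPDESK;

-- PAYROLL reads the base table but can modify only the SALARY column.
-- INSERT and DELETE are deliberately not granted.
GRANT SELECT, UPDATE (SALARY) ON TABLE HR.EMPLOYEE TO USER PAYROLL;

-- APPDEV may create new objects in HR (CREATEIN) but cannot alter or drop
-- existing ones (no ALTERIN / DROPIN). REFERENCES is limited to EMPNO, so
-- APPDEV's tables can declare foreign keys on that column and no other.
GRANT CREATEIN           ON SCHEMA HR         TO USER APPDEV;
GRANT REFERENCES (EMPNO) ON TABLE HR.EMPLOYEE TO USER APPDEV;

-- CONTROL is not granted to anyone: it would carry every table privilege
-- plus the ability to drop the table and grant privileges to others.
```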

 

The Index Privilege (DB2 for Linux, UNIX, and Windows Only)

 

The index privilege controls what users can and cannot do with a particular index. (An index is an ordered set of pointers that refer to one or more key columns in a base table; use of indexes can improve query performance.) Only one index privilege exists—the CONTROL privilege, which, when granted, allows users to remove a certain index from a database.

 

Unlike the CONTROL privilege for other objects, the CONTROL privilege for an index does not automatically give users the ability to grant and revoke index privileges to/from others. That is because the only index privilege available is the CONTROL privilege, and only users with ACCESSCTRL or SECADM authority are allowed to grant and revoke CONTROL privilege.
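Because CONTROL bundles every other privilege on an object, it is worth reviewing periodically who holds it. The queries below are an added audit example for DB2 for Linux, UNIX, and Windows, not part of the book excerpt; they read the SYSCAT.TABAUTH, SYSCAT.INDEXAUTH, and SYSCAT.COLAUTH catalog views, which the article does not mention, and the 'SYS%' schema filter is an assumption about which schemas to skip.

```sql
-- Added example. In the *AUTH columns, 'Y' = held, 'G' = held and
-- grantable to others, 'N' = not held.
-- GRANTEETYPE: 'U' = user, 'G' = group, 'R' = role.

-- 1. Tables and views where a grantee holds CONTROL, or where PUBLIC can
--    change data. Both are common least-privilege findings.
SELECT GRANTEE, GRANTEETYPE, TABSCHEMA, TABNAME,
       CONTROLAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH
FROM   SYSCAT.TABAUTH
WHERE  TABSCHEMA NOT LIKE 'SYS%'
  AND  (    CONTROLAUTH = 'Y'
        OR (GRANTEE = 'PUBLIC'
            AND (   INSERTAUTH IN ('Y', 'G')
                 OR UPDATEAUTH IN ('Y', 'G')
                 OR DELETEAUTH IN ('Y', 'G'))))
ORDER  BY TABSCHEMA, TABNAME, GRANTEE;

-- 2. Grantees holding CONTROL on an index, the only index privilege.
--    It allows the index to be dropped.
SELECT GRANTEE, GRANTEETYPE, INDSCHEMA, INDNAME
FROM   SYSCAT.INDEXAUTH
WHERE  CONTROLAUTH = 'Y'
  AND  INDSCHEMA NOT LIKE 'SYS%'
ORDER  BY INDSCHEMA, INDNAME, GRANTEE;

-- 3. Column-level grants: PRIVTYPE 'U' = UPDATE, 'R' = REFERENCES.
--    Confirms that column-restricted grants cover only the intended columns.
SELECT GRANTEE, GRANTEETYPE, TABSCHEMA, TABNAME, COLNAME,
       PRIVTYPE, GRANTABLE
FROM   SYSCAT.COLAUTH
WHERE  TABSCHEMA NOT LIKE 'SYS%'
ORDER  BY TABSCHEMA, TABNAME, COLNAME, GRANTEE;
```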

To Be Continued

 

In Part 2, we will examine several more DB2 object privileges, including those that govern access to procedures, packages, collections, and more.

 

Roger Sanders

Roger E. Sanders is a Principal Sales Enablement & Skills Content Specialist at IBM. He has worked with Db2 (formerly DB2 for Linux, UNIX, and Windows) since it was first introduced on the IBM PC (1991) and is the author of 26 books on relational database technology (25 on Db2; one on ODBC). For 10 years he authored the “Distributed DBA” column in IBM Data Magazine, and he has written articles for publications like Certification Magazine, Database Trends and Applications, and IDUG Solutions Journal (the official magazine of the International Db2 User's Group), as well as tutorials and articles for IBM's developerWorks website. In 2019, he edited the manuscript and prepared illustrations for the book “Artificial Intelligence, Evolution and Revolution” by Steven Astorino, Mark Simmonds, and Dr. Jean-Francois Puget.

From 2008 to 2015, Roger was recognized as an IBM Champion for his contributions to the IBM Data Management community; in 2012 he was recognized as an IBM developerWorks Master Author, Level 2 (for his contributions to the IBM developerWorks community); and, in 2021 he was recognized as an IBM Redbooks Platinum Author. He lives in Fuquay Varina, North Carolina.


