DB2 for OS/390

View owners and privileges

If the view is qualified, the SQL authorization ID that qualifies the name is the view's owner.

If the SQL authorization ID of the process has SYSADM authority, the owner of the view can be any authorization ID.

If that authorization ID has SYSCTRL but not SYSADM authority, the owner of the view can be any authorization ID, provided that view does not refer to user tables or views in the first FROM clause of its defining subselect. (It could refer instead, for example, to catalog tables or views thereof.)
Otherwise, the owner of the view must be one of the authorization IDs of the process. If the view satisfies the authorization ID rules, the view is created, even if the owner has no privileges on the tables and views identified in the view's subselect.

If the SQL authorization ID of the process lacks SYSADM or SYSCTRL authority, only the authorization IDs of the process can own the view. In this case, the privilege set is the privileges that are held by authorization ID selected for ownership.

If the view name is unqualified, the owner of the view is the authorization ID that serves as the implicit qualifier for unqualified object names. This is the authorization ID of the QUALIFIER operand when the plan or package was created or last rebound. If QUALIFIER was not used, the owner of the view is the owner of the package or plan.

If the view name is unqualified, the owner of the view is the SQL authorization ID of the process. The owner always acquires the SELECT privilege on the view and the authority to drop the view. The SELECT privilege is grantable only if the owner has the grantable SELECT privilege on every table or view identified in the first FROM clause of the SELECT statement of the view. The owner must acquire these grantable privileges before the creation of the view.

The owner can also acquire the INSERT, UPDATE, and DELETE privileges on a view. For this to be possible, the view must not be "read only". If the owner has one of the above three privileges on this table of view, the owner acquires that privilege on the new view. The privilege is grantable only if the privilege from which it is derived is also grantable. The owner must acquire this privilege before the creation of the view.

With appropriate DB2 authority, a process can create views for those who have no authority to create the views. The owner of such a view has the SELECT privilege on the view, without the GRANT option, and can drop the view.