The Group Authorization Tool is a series of CICS transactions that operate under the SQM main transaction. The "SQLMSTR" ID grants all authorizations. The tool records and maintains all authorizations.
You can use the LIST Functions to view the various reports that are available to help manage database access. These reports show Application Groups and the objects they contain, such as tables, views and packages; User Groups and user IDs associated with specific User Groups; and authorities granted to User Groups.
The Group Authorization tool keeps all data about User and Application Groups, as well as authorization information, in database tables. You can query these tables to obtain authorization information. See Special Considerations for an example.
The "SQLMSTR" ID owns five authorization tables that contain its information about User, Application Groups and authorizations. These tables are:
Users can belong to more than one User Group and can have the same privilege granted to an object through multiple User Groups. If you drop the user from one User Group, the user does not automatically lose the privilege to the object since the user still has authority through the second User Group.
The same is true of an object that is in more than one Application Group: if that object is dropped from one group, but privileges on it exist through another application group, those privileges will not be automatically revoked from users who have authority on it through the second group.
You can choose to: