ACQUIRE DBSPACE
For cases A2 and B2, the system makes an entry in the SYSUSERAUTH catalog table with RESOURCEAUTH set to 'Y'. In addition, the NAME column is set to the package_id and the AUTHOR column is set to the authorization ID of the person who preprocessed the program. The entry indicates the program's dependency.
ALTER DBSPACE
ALTER TABLE
For cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the ALTERAUTH columns set to 'Y'. The entries represent this package's dependency on ALTER privilege for the table.
The preprocessor determines which level of RUN privilege to give the owner. For some SQL statements, privileges are not checked for all objects affected by the statement. For example, when manipulating primary and foreign keys with the ALTER TABLE statement, ALTER privilege is only checked for the table_name following the ALTER TABLE statement rather than all the tables involved. Additional ALTER and REFERENCES privileges are checked at run time.
COMMENT ON
CREATE INDEX
For cases B2, C1, and C2, the system makes an entry in the SYSTABAUTH catalog table with the INDEXAUTH column set to 'Y'. The entries represent this package's dependency on INDEX authority privilege for the table.
| Note: | It is possible for the owner of a table to create an index on that table in the name of another authorization ID. This is true even if the table owner does not have DBA authority. |
CREATE TABLE
DELETE
There are two decision tables that apply to DELETE:
The Table Where the Deletion Is Applied :
In cases B2, C1, and C2, the application server makes entries in the SYSTABAUTH catalog table with the DELETEAUTH column set to 'Y'. The entries represent this package's dependency on the DELETE privilege for the table.
Any Tables Referenced in a WHERE Clause :
| Note: | The authorization checking in the previous decision table precedes the logic of this table. If the first decision table yields a negative SQLCODE, processing stops. Otherwise, the system applies the lowest level of authorization gained from the two decision tables. |
Figure 133. Tables/Views in WHERE clause
In cases B2, C1, and C2, the application server makes entries in the SYSTABAUTH catalog table with the SELECTAUTH column set to 'Y'. The entries represent this package's dependency on SELECT privilege for the table.
In case A2, the system makes an entry in the SYSUSERAUTH catalog table to show this package's dependency on DBA authority.
GRANT for Authorities Statement
INSERT:
There are two decision tables that apply to INSERT:
The Table Where the Insertion Is Applied :
In cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the INSERTAUTH column set to 'Y'. The entries represent this package's dependency on INSERT privilege for the table.
Any Tables Referenced in a WHERE Clause of a Subselect :
| Note: | The authorization checking in the previous decision table precedes the logic of this table. |
The decision table used here is the same as that used by tables in the WHERE clause of a DELETE in Figure 133.
In cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the SELECTAUTH column set to 'Y'. The entries represent this package's dependency on SELECT privilege for the table.
In case A2, the system makes an entry in the SYSUSERAUTH catalog table to show this package's dependency on DBA authority.
REVOKE for Authorities Statement
SELECT
There are two decision tables that apply to SELECT:
The Tables in the FROM List :
In cases B2, C1, and C2, the application server makes entries in the SYSTABAUTH catalog table with the SELECTAUTH column set to 'Y'. The entries represent this package's dependency on INSERT privilege for the table.
In case A2, there are some instances where a 'Y' entry is made in the DBAAUTH column of the SYSUSERAUTH catalog table, showing package dependencies on DBA authority.
Any Tables Referenced in a WHERE Clause :
| Note: | The authorization checking in the previous decision table precedes the logic of this table. |
The decision table used here is the same as that used by tables in the WHERE clause of a DELETE in Figure 133.
In cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the SELECTAUTH column set to 'Y'. The entries represent this package's dependency on SELECT privilege for the table.
In case A2, the system makes an entry in the SYSUSERAUTH catalog table to show this package's dependency on DBA authority.
The UPDATE Tables
There are two decision tables that apply to UPDATE:
The Table Where the Update Is Applied :
In cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the UPDATEAUTH column set to 'Y'. The entries represent this package's dependency on UPDATE privilege for the table.
Any Tables Referenced in a WHERE Clause :
| Note: | The authorization checking in the previous decision table precedes the logic of this table. |
The decision table used here is the same as that used by tables in the WHERE clause of a DELETE in Figure 133.
In cases B2, C1, and C2, the system makes entries in the SYSTABAUTH catalog table with the SELECTAUTH column set to 'Y'. The entries represent this package's dependency on SELECT privilege for the table.
In case A2, the system makes an entry in the SYSUSERAUTH catalog table to show this package's dependency on DBA authority.
There are two decision tables that apply to UPDATE:
The LOCK DBSPACE Table
The LOCK TABLE Table
For cases B1, B2, and C2, the system makes entries in the SYSTABAUTH catalog table. The entries have the SELECTAUTH column set to 'Y' to show the package's dependency.