Db2 for z/OS and its ecosystem

 View Only

Enhancements for view management authorization

By Emily Alameida posted Wed August 02, 2023 02:05 PM


By Gayathiri Chandran and Emily Alameida.

With APAR PH54863, Db2 13 now allows database administrators (DBAs) with DBADM authority on
databases to drop a view and select from a view without always requiring system level authority. This
function is available in V13R1M100 or higher.

DBAs can select from views owned by other users if the privilege set includes required privileges such as
SELECT for each table or view and EXECUTE for each function that is identified in the fullselect of the
CREATE VIEW statement. They can also drop a view if the privilege set includes DBADM authority on the
database that contains one of the base tables and the subsystem parameter DBACRVW is set to YES.

APAR PH54936 adds support for the enhancements when using RACF access control authorization exit for
access control.

By using the new view management authorization enhancements, DBAs with database DBADM
authority, who can create views on behalf of another user, can now manage these views and achieve
compliance without requiring elevated authority. Also, users with required privileges to access the
objects identified in the view definition can access the view without requiring select privilege on the