One of the functions provided by Db2 Administration Tool for z/OS is the ability to manage authorizations.

From the main menu, select option 1 (Db2 system catalog) and then AO (Authorization options). The following authorization options are displayed:


If I want to see the authorizations for tables that begin with TB1, I select option TA (Table authorizations) and enter my filtering criteria for the table name:


By default, all authorizations (both implicit and explicit) are displayed. In this case, over 700 rows are returned:

Most authorizations are implicitly granted. For example, if I issue a CREATE TABLE statement, I am implicitly granted access to that table.  Therefore, I'd like to be able to filter this list to see only those authorizations that were explicitly granted.  I can do that with the new command RMIMPL (Remove Implicit).

When I enter RMIMPL on the command line and press Enter, I see a much smaller list that includes only the explicitly granted authorizations:

Now, I can manage just these authorizations.

If I want to view the complete list again (with both implicit and explicit authorizations), I can issue the REFRESH command.

This new RMIMPL command is available on the following authorization panels:

• Application Plan Authorizations (ADB2AP) panel
• Package Authorizations (ADB2AK) panel
• Storage Group Authorizations (ADB2AG) panel
• Database Authorizations (ADB2AD) panel
• Table Space Authorizations (ADB2AS) panel
• Table Authorizations (ADB2AT) panel
• Column Authorizations (ADB2AC) panel
• Function Authorizations (ADB2AO) panel
• Stored Procedure Authorizations (ADB2AO) panel
• System Privileges Authorizations (ADB2AZ) panel
• Resource Authorizations (ADB2AR) panel
• Collection Authorizations (ADB2AL) panel
• Schema Authorizations (ADB2AH) panel
• Global Variable Authorizations (ADBPAGV) panel