What authorization is required for execute access to a DB2 package?
book
Article ID: 104983
calendar_today
Updated On:
Products
Top SecretTop Secret - LDAP
Issue/Introduction
What authorization is required for execute access to a DB2 package?
What authorization is required for execute access to a DB2 package?
Environment
Release: Component: TSSDB2
Resolution
User-defined function packages and trigger packages: If a stored procedure or any application under the stored procedure invokes a user-defined function, DB2 requires only the owner (the definer), and not the invoker of the user-defined function, to have EXECUTE authority on the user-defined function package. However, the authorization ID or role of the SQL statement that invokes the user-defined function must have EXECUTE authority on the function.
Thus it is a requirement that the owner (definer) of the function have its access checked. The only way to prevent these violations from occurring is to change the owner of the function.
We are not aware of a way to change the function owner without re-defining the function. Please check with your DB2 folks to see if they know of a way to change the function owner.