What authorization is required for execute access to a DB2 package?

book

Article ID: 104983

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

What authorization is required for execute access to a DB2 package?

What authorization is required for execute access to a DB2 package?

Environment

Release:
Component: TSSDB2

Resolution

User-defined function packages and trigger packages: If a stored procedure or any application under the stored procedure invokes a user-defined function, DB2 requires only the owner (the definer), and not the invoker of the user-defined function, to have EXECUTE authority on the user-defined function package. However, the authorization ID or role of the SQL statement that invokes the user-defined function must have EXECUTE authority on the function. 

Thus it is a requirement that the owner (definer) of the function have its access checked. The only way to prevent these violations from occurring is to change the owner of the function.

We are not aware of a way to change the function owner without re-defining the function. Please check with your DB2 folks to see if they know of a way to change the function owner.