search cancel

Creating and/or Dropping Views

book

Article ID: 113650

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

When testing DB2 V12, the following error occurred when creating or dropping a view:

CADB2036 - A null field was passed for the resource name

A trace showed:

DSNT408I SQLCODE = -164, ERROR: xxx DOES NOT HAVE THE PRIVILEGE TO CREATE A VIEW xxxxx.

What access is needed?

Environment

Release:
Component: TSSDB2

Resolution

Authorizing the creation of a view in CA-Top Secret/DB2 is a special process. Like DB2, CA-Top Secret/DB2 requires that the creator of the view have the SELECT authority on the base tables or views. Unlike DB2, however, CA-Top Secret/DB2 does not enforce that the qualifier of the view is one of the  creator's process IDs. Instead, CA-Top Secret/DB2 checks a CA-Top Secret/DB2 special privilege called CREATE. CREATE is specified as DB2TABLE access level for the view, and is checked when a user creates or drops a view. If the PERMIT to the view does not include the CREATE access level to create or drop a view, CA-Top Secret/DB2 denies the request.          

DB2DBASE with ACCESS(DBADM) is not enough. One of the following is required:

- ACCESS(CREATE,VIEW) to the DB2TABLE resource
- DB2SYS(SYSCTRL)
- DB2SYS(SYSADM)