In an ACFRPTRV report for DB2, SERVICE values of OWN and ADM are seen. What do these services indicate?
The SERVICE 'OWN' and 'ADM' are unique DB2 services for the ACFRPTRV report and do not correspond to the SERVICE parameter of the rule. The 'OWN' SERVICE corresponds to the $LIDOWNER and $UIDOWNER rule control statements. The 'ADM' SERVICE corresponds to the %CHANGE, %RCHANGE, SECURITY, or scoped SECURITY privileges.
The entry in the RV report with SERVICE(OWN) is a request for OWNERSHIP. Ownership is not a SERVICE, and cannot be specified in the SERVICE parameter of a rule. Ownership in a rule is established either via the $LIDOWNER control statement, giving ownership to a certain unique logonid, or via the $UIDOWNER control statement, giving ownership to one or more individual logonids that match the UID mask.
During view creation, CA-ACF2/DB2 checks whether the view creator can change the view rule set through %CHANGE, %RCHANGE, SECURITY, or scoped SECURITY privileges. If any of these privileges are granted on the view but not on the base tables or views, CA-ACF2/DB2 generates a SERVICE(ADM) violation against the table and prevents the view's creation. This validation ensures that a user who creates a view of a table does not have more authority over theview than he has over the table.