In DB2 v11, you can now control access to a user-defined global variable through the GRANT (variable privileges) and REVOKE (variable privileges) statements. The authorization that is required to use a global variable depends on where it is defined and how it is used.
- The authorization ID of an SQL statement that references a user-defined global variable and retrieves the value must have READ privilege on the global variable.
- The authorization ID of an SQL statement that references a user-defined global variable and assigns a value to that variable must have the WRITE privilege on the global variable.
How do you allow this access in Top Secret?
To own/permit this in Top Secret, the following must be issued:
TSS ADD(#owner) DB2VAR(variable.name.prefix)
TSS PER(acid) DB2VAR(variable.name.prefix) ACCESS(NONE|READ|WRITE|ALL)
WRITE allows users to populate the variable.
READ allows users to read the value of the variable.
where '#owner' is the acid to own the resource. (It is recommended that department acids own resources.)
'acid' is the user's ACID, an attached profile, or the ALL record if all users should have access.