The .AUTH command lets you switch authorization IDs during processing. For example, if the .AUTH is set to the authorization ID with SYSADM authority and the migration strategy is submitted with an ID that does not have SYSADM authority, the objects will be created. To limit the use of the .AUTH statement, a security exit will need to be used.
The .AUTH command can be used to switch to an ID authorized to perform a specific SQL statement. To control the users who can perform authorization ID switching, a security exit will need to be provided. A security exit is called for every Batch Processor command that provides access or authority to a resource. EXIT01 is a supplied exit routine that can be edited and enhanced to control the users that can execute the .AUTH command. This routine is called when the .AUTH command is executed.
Specifics on the use of the EXIT01 security exit can be found in the Batch Processor Reference Guide, Appendix A: Using the Security Exits.