Summary of Db2 authorization requirements


The following table summarizes the Db2 authorization requirements for different methods of specifying the [Bind] parameters to run the High-speed Apply Engine:

Additional authorization considerations

  • Although you can grant any of the listed Db2 authorizations or privileges to PUBLIC, many of them (for example, SYSADM, SYSCTRL, BINDADD, and PACKADM) are normally not granted to PUBLIC.
  • The BindOwner value must be:
    • A valid primary or secondary authorization ID of the user running High-speed Apply Engine
    • An authorization ID (with sufficient authority) that has granted BINDAGENT authority to the user running High-speed Apply Engine 

      Important

      (BMC.DB2.SPE2310) To run High-speed Apply Engine in a trusted context, define WITH ROLE AS OBJECT OWNER AND QUALIFIER. To configure the BindOwner option, you must specify a Role name instead of a User ID.

  • The AuthID value:
    • Must be a valid TSO logon ID, not a group ID
    • Does not have to be a valid secondary authorization ID of the user running High-speed Apply Engine

| [Bind] parameter usage method | Db2 authorization | Granted to one of the listed IDs or to PUBLIC |
|---|---|---|
| Default [Bind] parameters (if you do not specify any parameters in your configuration) | EXECUTE privilege for High-speed Apply Engine plan (for example, APTBvvr) | Primary authorization ID (user ID); Secondary authorization ID |
| | EXECUTE privilege for restart table package (for example, APTBvvr.APTREB2) | Primary authorization ID (user ID) |
| | BINDADD authority | Primary authorization ID (user ID) |
| | PACKADM authority or CREATE IN privilege for collection | Primary authorization ID (user ID) |
| | SELECT, INSERT, UPDATE, and DELETE privileges on target tables | Primary authorization ID (user ID) |
| Specify value for BindOwner (APOWNER) parameter | EXECUTE privilege for High-speed Apply Engine plan (for example, APTBvvr) | Primary authorization ID (user ID); Secondary authorization ID |
| | EXECUTE privilege for restart table package (for example, APTBvvr.APTREB2) | Authorization ID specified by BindOwner parameter |
| | BINDADD authority | Authorization ID specified by BindOwner parameter |
| | PACKADM authority or CREATE IN privilege for collection | Authorization ID specified by BindOwner parameter |
| | SELECT, INSERT, UPDATE, and DELETE privileges on target tables | Authorization ID specified by BindOwner parameter |
| Specify value for AuthID parameter | EXECUTE privilege for High-speed Apply Engine plan (for example, APTBvvr) | Primary authorization ID (user ID); Secondary authorization ID |
| | EXECUTE privilege for restart table package (for example, APTBvvr.APTREB2) | Primary authorization ID (user ID) |
| | SYSADM or SYSCTRL authority | Authorization ID specified by AuthID parameter |
| | SELECT, INSERT, UPDATE, and DELETE privileges on target tables | Primary authorization ID (user ID) |
| Specify value for AuthID and BindOwner (APOWNER) parameters | EXECUTE privilege for High-speed Apply Engine plan (for example, APTBvvr) | Primary authorization ID (user ID); Secondary authorization ID |
| | EXECUTE privilege for restart table package (for example, APTBvvr.APTREB2) | Authorization ID specified by BindOwner parameter |
| | SYSADM or SYSCTRL authority | Authorization ID specified by AuthID parameter |
| | SELECT, INSERT, UPDATE, and DELETE privileges on target tables | Authorization ID specified by BindOwner parameter |
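
The BindOwner case from the table, written out as GRANT statements to specific IDs rather than PUBLIC, followed by catalog queries that check whether the system-level authorities named in the considerations above are held by PUBLIC. This is an added example, not BMC's own code; USERA, BINDOWN1, MYCOLL, and PROD.ORDERS are hypothetical placeholders, and APTBvvr is kept as the page writes it.

```sql
-- Added example. Hypothetical names (not from the product documentation):
--   USERA       ID of the user running High-speed Apply Engine
--   BINDOWN1    value given for the BindOwner (APOWNER) parameter
--   MYCOLL      collection the packages are bound into
--   PROD.ORDERS one target table
-- APTBvvr is the plan name pattern from the table; substitute your own vvr.

-- Plan EXECUTE goes to the user's primary or secondary authorization ID.
GRANT EXECUTE ON PLAN APTBvvr TO USERA;

-- The remaining authorizations go to the BindOwner ID, not to the user.
GRANT EXECUTE ON PACKAGE APTBvvr.APTREB2 TO BINDOWN1;
GRANT BINDADD TO BINDOWN1;
GRANT CREATE IN COLLECTION MYCOLL TO BINDOWN1;  -- alternative: PACKADM ON COLLECTION
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE PROD.ORDERS TO BINDOWN1;

-- If BINDOWN1 is not one of USERA's primary or secondary IDs, BINDOWN1
-- (as grantor) must have granted BINDAGENT to USERA:
--   GRANT BINDAGENT TO USERA;

-- Audit: system authorities from the list that are held by PUBLIC.
-- In SYSIBM.SYSUSERAUTH a blank means "not held"; 'Y' or 'G' means held.
SELECT GRANTOR, GRANTEE, SYSADMAUTH, SYSCTRLAUTH, BINDADDAUTH
  FROM SYSIBM.SYSUSERAUTH
 WHERE GRANTEE = 'PUBLIC'
   AND (SYSADMAUTH  <> ' '
     OR SYSCTRLAUTH <> ' '
     OR BINDADDAUTH <> ' ');

-- Audit: PACKADM on any collection held by PUBLIC.
-- Collection privileges are recorded in SYSIBM.SYSRESAUTH with OBTYPE = 'C';
-- QUALIFIER = 'PACKADM' marks the PACKADM authority.
SELECT GRANTOR, GRANTEE, NAME AS COLLECTION_ID
  FROM SYSIBM.SYSRESAUTH
 WHERE GRANTEE   = 'PUBLIC'
   AND OBTYPE    = 'C'
   AND QUALIFIER = 'PACKADM';
```

Both audit queries returning no rows means none of SYSADM, SYSCTRL, BINDADD, or PACKADM is currently granted to PUBLIC on the subsystem.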

 
