New DB2VAR class with DB2 v11

Document ID : KB000030754
Last Modified Date : 14/02/2018
Show Technical Document Details

You can now control access to a user-defined global variable through the GRANT (variable privileges) and REVOKE (variable privileges) statements. The authorization that is required to use a global variable depends on where it is defined and how it is used.

 

The authorization ID of an SQL statement that references a user-defined global variable and retrieves the value must have READ privilege on the global variable.

The authorization ID of an SQL statement that references a user-defined global variable and assigns a value to that variable must have the WRITE privilege on the global variable.

 

The link for this doc is:

http//www-01.ibm.com/support/knowledgecenter/SSEPEK_11.0/com.ibm.db2z11.doc/src/db2z_refhome.dita

 

To own/permit this in CA Top Secret, the following must be issued:

 

TSS ADD(#owner) DB2VAR(variable.name.prefix)

TSS PER(acid) DB2VAR(variable.name.prefix) ACCESS(NONE|READ|WRITE|ALL)

WRITE allows users to populate the variable

READ allows users to read the value of the variable.

 

where '#owner' is the acid to own the resource (we recommend department acids own resources)

          'acid' is the user's acid, an attached profile, or the ALL record if all users should have access