What authorization is required for execute access to a DB2 package?

Document ID : KB000104983
Last Modified Date : 05/07/2018
Show Technical Document Details
Introduction:
What authorization is required for execute access to a DB2 package?
Question:
What authorization is required for execute access to a DB2 package?
Answer:
User-defined function packages and trigger packages: If a stored procedure or any application under the stored procedure invokes a user-defined function, DB2 requires only the owner (the definer), and not the invoker of the user-defined function, to have EXECUTE authority on the user-defined function package. However, the authorization ID or role of the SQL statement that invokes the user-defined function must have EXECUTE authority on the function. 

Thus it is a requirement that the owner (definer) of the function have its access checked. The only way to prevent these violations from occurring is to change the owner of the function.

We are not aware of a way to change the function owner without re-defining the function. Please check with your DB2 folks to see if they know of a way to change the function owner.