An authorization ID is used for two purposes: identification
and authorization checking. For example, the session authorization
ID is used for initial authorization checking.
When referring to the use of an authorization ID in a specific
context, the reference to the authorization is qualified to identify
the context, as shown in the following section.
- Contextual reference to authorization ID
- Definition
- System authorization ID
- The authorization ID used to do any initial authorization checking,
such as checking for CONNECT privilege during CONNECT processing.
As part of the authentication process during CONNECT processing, an
authorization ID compatible with DB2® naming
requirements is produced that represents the external user ID within
the DB2 database system. The
system authorization ID represents the user that created the connection.
Use the SYSTEM_USER special register to see the current value of the
system authorization ID. The system authorization ID cannot be changed
for a connection.
- Session authorization ID
- The authorization ID used for any session authorization checking
subsequent to the initial checks performed during CONNECT processing.
The default value of the session authorization ID is the value of
the system authorization ID. Use the SESSION_USER special register
to see the current value of the session authorization ID. The USER
special register is a synonym for the SESSION_USER special register.
The session authorization ID can be changed by using the SET SESSION
AUTHORIZATION statement.
- Package authorization ID
- The authorization ID used to bind a package
to the database. This authorization ID is obtained from the value
of the OWNER authorization id option
of the BIND command. The package authorization
ID is sometimes referred to as the package binder or package owner.
- Routine owner authorization ID
- The authorization ID listed in the system catalogs as the owner
of the SQL routine that has been invoked.
- Routine invoker authorization ID
- The authorization ID that is the statement authorization ID for
the statement that invoked an SQL routine.
- Statement authorization ID
- The authorization ID associated with a specific SQL statement
that is to be used for any authorization requirements as well as for
determining object ownership (where appropriate). It takes its value
from the appropriate source authorization ID, depending on the type
of SQL statement:
Use the CURRENT_USER special register to see the current value
of the statement authorization ID. The statement authorization ID
cannot be changed directly; it is changed automatically by the DB2 database system to reflect the
nature of each SQL statement.