Privileges enable users to create or access database resources. Authority levels provide a method of grouping privileges and higher-level database manager maintenance and utility operations. Together, these act to control access to the database manager and its database objects.
Users can access only those objects for which they have the appropriate authorization; that is, the required privilege or authority.
Mode | Required authority |
---|---|
INSERT | CONTROL or INSERT and SELECT |
INSERT_UPDATE | CONTROL or INSERT, SELECT, UPDATE, and DELETE |
REPLACE | CONTROL or INSERT, SELECT, and DELETE |
REPLACE_CREATE | When the target table exists: CONTROL or INSERT, SELECT, and DELETE When the target table doesn't exist: CREATETAB (on the database), USE (on the table space), and when the schema does not exist: IMPLICIT_SCHEMA (on the database), or when the schema exists: CREATEIN (on the schema) |
CREATE | CREATETAB (on the database), USE (on the table
space), and when the schema does not exist: IMPLICIT_SCHEMA (on the database), or when the schema exists: CREATEIN (on the schema) |
If you want to import to a hierarchy, the required authority also depends on the mode. For existing hierarchies, CONTROL privilege on every subtable in the hierarchy is sufficient for a REPLACE operation. For hierarchies that don't exist, CONTROL privilege on every subtable in the hierarchy, along with CREATETAB and USE, is sufficient for a REPLACE_CREATE operation.
In addition, there a few considerations for importing into tables with label-based access control (LBAC) security labels defined on them. To import data into a table that has protected columns, the session authorization ID must have LBAC credentials that allow write access to all protected columns in the table. To import data into a table that has protected rows, the session authorization ID must have been granted a security label for write access that is part of the security policy protecting the table.