On OS/400®, database security
is managed at the operating system level, not at the database level.
When you set up permissions for the database, you determine the degree
of access (read, add, delete, etc.) that individual users, groups, and
authorization lists may have. This can easily be done via
Operations Navigator.
To create a table, the privileges must include the following system authorities:
- *USE to the Create Physical File (CRTPF) command.
- *EXECUTE and *ADD to the library into which the table is created.
- *OBJOPR and *OBJMGT to the journal.
- *CHANGE to the data dictionary if the library into which the table
is created is an SQL collection with a data dictionary.
To define a foreign key, the privileges must include the following
on the parent table:
- The REFERENCES privilege or object management authority for the
table.
- The REFERENCES privilege on each column of the specified parent
key.
- Ownership of the table.
The REFERENCES privilege on a table consists of:
- Being the owner of the table.
- Having the REFERENCES privilege to the table.
- Having the system authorities of either *OBJREF or *OBJMGT to
the table.
The REFERENCES privilege on a column consists of:
- Being the owner of the table.
- Having the REFERENCES privilege to the column.
- Having the system authority of *OBJREF to the column or the system
authority of *OBJMGT to the table.
To EXECUTE a user-defined function, the privilege consists of:
- Being owner of the user-defined function.
- Having EXECUTE privilege to the user-defined function.
- Having the system authorities of *OBJOPR and *EXECUTE to the user-defined
function.
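
The REFERENCES and EXECUTE privileges described above can be granted narrowly with SQL. The statements below are an added example, not taken from the IBM documentation; the schema APPLIB, the tables CUSTOMER and ORDERS, the function MASK_ACCT, and the user profile APPDEV are all constructed names, and MASK_ACCT is assumed to exist already.

```sql
-- Constructed names throughout: APPLIB, CUSTOMER, ORDERS, MASK_ACCT, APPDEV.

-- Parent table, created by its owner. The owner holds REFERENCES
-- on the table and its columns without any further grant.
CREATE TABLE APPLIB.CUSTOMER (
    CUST_ID   INTEGER     NOT NULL PRIMARY KEY,
    CUST_NAME VARCHAR(60) NOT NULL
);

-- Column-level grant: APPDEV may name CUST_ID as a parent key,
-- but receives no authority to read or change rows in CUSTOMER.
GRANT REFERENCES (CUST_ID) ON TABLE APPLIB.CUSTOMER TO APPDEV;

-- Run as APPDEV. Creating the table itself also needs the system
-- authorities listed earlier (CRTPF command, library, journal).
-- The foreign key uses only the column APPDEV was granted.
CREATE TABLE APPLIB.ORDERS (
    ORDER_ID INTEGER NOT NULL PRIMARY KEY,
    CUST_ID  INTEGER NOT NULL,
    CONSTRAINT ORDERS_CUST_FK FOREIGN KEY (CUST_ID)
        REFERENCES APPLIB.CUSTOMER (CUST_ID)
);

-- EXECUTE on one specific function signature, not on the whole schema.
-- Assumes APPLIB.MASK_ACCT(CHAR(16)) already exists.
GRANT EXECUTE ON FUNCTION APPLIB.MASK_ACCT (CHAR(16)) TO APPDEV;

-- Withdraw the privileges when they are no longer needed.
REVOKE REFERENCES ON TABLE APPLIB.CUSTOMER FROM APPDEV;
REVOKE EXECUTE ON FUNCTION APPLIB.MASK_ACCT (CHAR(16)) FROM APPDEV;
```

Because security is enforced at the operating system level, these grants show up as object authorities on the underlying file and function objects, so they can be reviewed with the same tools used for other OS/400 objects.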