Implicit privileges may be granted to a user who has the privilege to execute a 

package. While users can run the application, they do not necessarily require 

explicit privileges on the data objects used within the package. 

Users with administrative authority (SYSADM or DBADM) or ownership 

privileges (CONTROL) can grant and revoke privileges to and from others, using 

the 

GRANT

 and 

REVOKE

 statements. It is also possible to grant a table, view, or 

schema privilege to another user if that privilege is held 

WITH GRANT OPTION

. 

However, the 

WITH GRANT OPTION

 does not allow the person granting the privilege 

to revoke the privilege once granted. You must have SYSADM authority, DBADM 

authority, or CONTROL privilege to revoke the privilege. 

A user or group can be authorized for any combination of individual privileges or 

authorities. When a privilege is associated with a resource, that resource must 

exist. For example, a user cannot be given the SELECT privilege on a table 

unless that table has previously been created. 

Note:

 Care must be taken to give authorities and privileges to a user name 

that does not exist in the system yet. At some later time, this user name can 

be created and will automatically receive all of the authorities and privileges 

associated.

Privileges in DB2 UDB can be granted on the following levels:

Database level

  CONNECT privilege

  CREATETAB privilege

  LOAD privilege

  IMPLICIT_SCHEMA privilege

  BINDADD privilege

  others

Schema level

  CREATEIN privilege

  ALTERIN privilege

  DROPIN privilege

Table space level

  USE privilege

 Chapter 6. Data porting 

143