The secondary authentication ID is more commonly known as the secondary
authorization ID.
The meaning and use of the secondary authorization ID depends on the
following conditions:
- The DB2 platform you are
using.
- In some cases, the way that platform is configured.
To fully understand how a secondary authorization ID can be used
for your environment, refer to your DB2 documentation.
Here are common examples of the secondary authorization ID:
- For DB2 UDB, if you specify
a secondary authorization ID, that ID is used as the default schema
name for all SQL statements.
- For DB2 on zOS, a secondary
authorization ID is often mapped to a RACF® group.
Access rights to DB2 objects
are granted to the RACF group
and individual user IDs are added to the RACF group. This technique minimizes work when
your authorization requirements change. For example, if a new DB2 table is created, the system
administrator can grant access to a RACF group;
all individuals belonging to that group then get read access, as long
as they are using the secondary authorization ID.