SYSCONTROLS catalog table

The SYSCONTROLS table contains one row for each row permission and column mask. The schema is SYSIBM.

Start of changeFL 505 SYSIBM.SYSCONTROLS has an associated history table, SYSIBM.SYSCONTROLS_H, which provides temporal versioning of the catalog table. SYSIBM.SYSCONTROLS_RTXT_H and SYSIBM.SYSCONTROLS_DESC_H are the history tables for the auxiliary tables, SYSIBM.SYSCONTROLS_RTXT and SYSIBM.SYSCONTROLS_DESC, which are associated with the two LOB columns, RULETEXT and DESCRIPTOR. The history tables contain the same columns, with the same data types. The temporal relationship must be enabled before the history table can be used. Rows in the history table can be deleted using the REORG TABLESPACE DISCARD option. For information about enabling the temporal relationship, see Temporal versioning for Db2 security-related catalog tables.End of change

Table 1. SYSIBM.SYSCONTROLS table column descriptions
Column name Data type Description Use
SCHEMA
VARCHAR(128)
NOT NULL
 Schema of the row permission or column mask. G
NAME
VARCHAR(128)
NOT NULL
 Name of the row permission or column mask. G
OWNER
VARCHAR(128)
NOT NULL
 Owner of the row permission or column mask. G
OWNERTYPE
CHAR(1)
NOT NULL
 Indicates the type of the owner:
blank
An authorization ID
L
Role
 G
TBSCHEMA
VARCHAR(128)
NOT NULL
 Schema of the table for which the row permission or column mask is defined. G
TBNAME
VARCHAR(128)
NOT NULL
 Name of the table for which the row permission or column mask is defined. G
TBCORRELATION
VARCHAR(128)
NOT NULL
WITH DEFAILT
 If specified, the correlation name of the table for which the row permission or column mask is defined. Otherwise, the value is an empty string. G
COLNAME
VARCHAR(128)
NOT NULL
 Column name for which the column mask is defined. Blank if this is a row permission. G
COLNO
SMALLINT
NOT NULL
 Column number for which the column mask is defined. 0 if this is a row permission. G
CONTROL_ID
INTEGER
NOT NULL
GENERATED
ALWAYS
AS IDENTITY
 Internal access control ID. S
CONTROL_TYPE
CHAR(1)
NUT NULL
 Indicates the type of the access control object:
R
Row permission
M
Column mask
 G
ENFORCED
CHAR(1)
NUT NULL
 Indicates the type of the access enforced by the row permission. Column mask always has a value of 'A'.
A
All access
 G
IMPLICIT
CHAR(1)
NUT NULL
 Indicates whether the row permission was implicitly created:
N
The row permission was explicitly created or this is a column mask
Y
The row permission was implicitly created
 G
ENABLE
CHAR(1)
NUT NULL
 Indicates whether the row permission or the column mask is enabled for access control:
N
Not enabled
Y
Enabled
 G
STATUS
CHAR(1)
NUT NULL
 Indicates the status of the row permission or column mask definition:
blank
The definition of the row permission or column mask is complete.
R
An error occurred when an attempt was made to regenerate the row permission or column mask.
 G
CREATEDTS
TIMESTAMP
NOT NULL
 The timestamp when the row permission or column mask was created. G
RELCREATED
CHAR(1)
NUT NULL
 The release of Db2 in which the row permission or column mask was created. See Release dependency indicators for values. G
ALTEREDTS
TIMESTAMP
NOT NULL
 The timestamp when the row permission or column mask was last changed. G
REMARKS
VARCHAR(762)
NOT NULL
 A character string provided by using the COMMENT ON statement. G
IBMREQD
CHAR(1)
NOT NULL
 A value of Y indicates that the row was provided with the Db2 product code. For all other values, see Release dependency indicators.

The value in this field is not a reliable indicator of release dependencies. RELCREATED should be used instead.

 G
ENVID
INTEGER
NOT NULL
 Internal identifier of the environment. G
ROWID
ROWID
 Row identifier to support LOB columns in the table. G
RULETEXT
CLOB(2MB)
NOT NULL
 The source text of the search condition or expression portion of the CREATE PERMISSION or CREATE MASK statement.
Note: The lowercase letters in ordinary tokens are folded to uppercase in the text. However, lowercase letters in ordinary tokens are folded to uppercase in a C or Java™ program only if the appropriate precompiler option is specified.
 G
DESCRIPTOR
BLOB(2MB)
NOT NULL
 Internal description of the row permission or column mask S
SYS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW BEGIN
 FL 505 Start of changeThe row-begin column of the SYSTEM_TIME period, for system-period data versioning.End of change G
SYS_END
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS ROW END
 FL 505 Start of changeThe row-end column of the SYSTEM_TIME period, for system-period data versioning.End of change G
TRANS_START
TIMESTAMP(12)
NOT NULL
GENERATED ALWAYS
AS TRANSACTION
START ID
 FL 505 Start of changeThe transaction-start-ID column, for system-period data versioning.End of change G
REGENERATETS TIMESTAMP(12) NOT NULL The time when the object was regenerated. The value is valid only for objects that can be regenerated. If no regeneration has occurred, this column contains the same value as the CREATEDTS column. G
Start of changeFL 505 GEN_SESSION_USEREnd of change Start of change
VARCHAR(128)
GENERATED ALWAYS AS (SESSION_USER)
End of change		 Start of changeThe value of the SESSION_USER special register. This column contains a null value when the value is unknown for the existing rows prior to catalog level V13R1M505.End of change Start of changeGEnd of change