Authorization checking for operations on views

For most operations on views, the RACF access control module checks for authorization to the view.

For most operations on views, the RACF access control module checks for authorization on the view. Authorization checking for INSERT, DELETE, and UPDATE are different because the operations on views can affect the base tables for the views.

In general, three types of views can be defined:

Updatable view

A view that is defined with simple column references in the SELECT list of the view definition, and a single table in the FROM clause of the view definition. An INSERT, DELETE, or UPDATE operation to the view is reflected to the underlying table.

Read-only view

A view created from multiple tables. The INSERT, DELETE, and UPDATE operations fail for these views.

INSTEAD OF trigger view

The view is read-only, but the SQL in the trigger package can update the underlying table or tables.

For INSERT, DELETE, and UPDATE operations on updatable views, the RACF access control module checks for authorization to the resource name which includes both the underlying table information (qualifier and name) and view information (qualifier and name) and not to the view itself.

For INSERT, DELETE, and UPDATE operations on read-only and INSTEAD OF trigger views, the RACF access control module checks for authorization on the view.

If a view is created on another view, during view creation the RACF access control module does authorization checks for INSERT, DELETE, and UPDATE. These checks are done on the base view.

For more information, see View privileges.