If defined, this AuthID replaces the Primary AuthID as soon as the user logs in to the XDB Server. The user (or process) is given the privileges that have been granted to the SecondaryID. If the Primary AuthID had privileges granted to it, those privileges would be ignored. When a user with a SecondaryID creates an object, the AuthID portion of the object's name is the SecondaryID. All other users who use the same SecondaryID will have all privileges on that object.
Note:
- The XDB Server SecondaryID is not the same as the DB2 Secondary Authorization ID. The IBM method of defining multiple Secondary Authorization IDs and assigning them to Primary AuthIDs in RACF (Resource Access Control Facility) is similar to XDB Server's group concept.
- If you use an object creator's AuthID as a SecondaryID for other users, those other users will all have all privileges on the object. A user with a SecondaryID is seen by the system as being the SecondaryID, and therefore has all privileges on all objects that carry that AuthID as the second part of the object name. Privileges cannot be revoked from the creator of an object, or from a user who's Current SQLID is the same as the object creator's AuthID. The GRANT and REVOKE commands have no effect on the privileges of an object's creator/owner.