A new bind option solves some of the security problems associated with dynamic SQL. Prior to DB2 V4.1, security for dynamic SQL was checked at run time. In order to update a table, a user needed UPDATE authority on the table. If the user exercised this authority only through well-controlled update programs, this did not present a problem. But the grant of UPDATE authority meant that the user could update through SPUFI, any ODBC-compliant product, and so forth.
DYNAMICRULES(RUN) specifies that the authorization ID for dynamic SQL statements is determined at run time, using the authorization ID of the user and any secondary IDs the user may have.
DYNAMICRULES(BIND) specifies that dynamic SQL is to be executed with the authority of the plan or package owner. This can obviate the need for granting table or view authorizations to users of the plan or package.
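The following is an added example, not part of the original note, showing how the option is typically paired with authorization changes so that a user can update a table only through the bound program. The collection, package, owner, table and user names (PAYCOLL, PAYUPD, PAYOWNER, PAYROLL.EMP, USER1) are hypothetical placeholders.

```sql
-- Step 1 (DSN subcommand, issued outside SQL; shown here as a comment):
--   BIND PACKAGE(PAYCOLL) MEMBER(PAYUPD) OWNER(PAYOWNER) -
--        DYNAMICRULES(BIND) ACTION(REPLACE)
-- Dynamic SQL prepared by this package is now authorized against
-- PAYOWNER, not against the ID of the person running it.

-- Step 2: the package owner, not the end user, holds the table privilege.
GRANT UPDATE ON TABLE PAYROLL.EMP TO PAYOWNER;

-- Step 3: the end user is allowed to run the package and nothing more.
GRANT EXECUTE ON PACKAGE PAYCOLL.PAYUPD TO USER1;

-- Step 4: remove the direct table authority that would otherwise let
-- USER1 update the table through SPUFI or an ODBC tool.
REVOKE UPDATE ON TABLE PAYROLL.EMP FROM USER1;

-- Step 5: audit the catalog for authorization IDs that still hold
-- direct UPDATE authority on the table. Any row returned here is an
-- ID that can bypass the controlled update program.
SELECT GRANTEE, GRANTOR, UPDATEAUTH
  FROM SYSIBM.SYSTABAUTH
 WHERE TCREATOR    = 'PAYROLL'
   AND TTNAME      = 'EMP'
   AND UPDATEAUTH <> ' '
   AND GRANTEETYPE = ' '          -- authorization IDs, not plans/packages
   AND GRANTEE    <> 'PAYOWNER';
```

Because the owner's authority applies to every dynamic statement the package prepares, a program bound this way should build its SQL itself; one that executes statement text supplied by the user hands that user the owner's table privileges.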
©Copyright 1996 Chuck Anesi all rights reserved