DB2 provides various levels of security like authorization, authentication, privileges, roles, and so on. We can limit user access by setting the proper restrictions at any level. We can only apply these restrictions to a user, a role, or a group. It also means that if we use generic authorization IDs, then we cannot provide granular security. This is the exact problem we face in 3-tier architecture. In this architecture, we have the application server between the database and the application. The application server runs all the queries against the database on behalf of the application and this is done by the authorization ID, available at the application server. Because we also want this authorization ...