Information
The SYSCAT.SURROGATEAUTHIDS contains all accounts that have been granted SETSESSIONUSER privilege on a user or to PUBLIC. It is recommended that the PUBLIC role be restricted from accessing this view.
PUBLIC should not be able to view all the surrogate accounts with SETSESSIONUSER privilege.
Solution
Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2INSTANCE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window:
db2 => REVOKE SELECT ON SYSCAT.SURROGATEAUTHIDS FROM PUBLIC