97 lines
6.7 KiB
HTML
97 lines
6.7 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Authority to distributed relational database objects" />
|
||
|
<meta name="abstract" content="You can use either the SQL GRANT and REVOKE statements or the control language (CL) Grant Object Authority (GRTOBJAUT) and Revoke Object Authority (RVKOBJAUT) commands to grant and revoke a user's authority to relational database objects." />
|
||
|
<meta name="description" content="You can use either the SQL GRANT and REVOKE statements or the control language (CL) Grant Object Authority (GRTOBJAUT) and Revoke Object Authority (RVKOBJAUT) commands to grant and revoke a user's authority to relational database objects." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rbal1secure.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../cl/crtsqlpkg.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../cl/grtobjaut.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../cl/rvkobjaut.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../sqlp/rbafysecurity.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rbal1drdastatement.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rbal1sqlaut" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Authority to distributed relational database objects</title>
|
||
|
</head>
|
||
|
<body id="rbal1sqlaut"><a name="rbal1sqlaut"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Authority to distributed relational database objects</h1>
|
||
|
<div><p>You can use either the SQL GRANT and REVOKE statements or the control
|
||
|
language (CL) <span class="cmdname">Grant Object Authority (GRTOBJAUT)</span> and <span class="cmdname">Revoke
|
||
|
Object Authority (RVKOBJAUT)</span> commands to grant and revoke a user's
|
||
|
authority to relational database objects.</p>
|
||
|
<p>The SQL GRANT and REVOKE statements only operate on packages, tables, and
|
||
|
views. In some cases, it is necessary to use <span class="cmdname">GRTOBJAUT</span> and <span class="cmdname">RVKOBJAUT</span> to
|
||
|
authorize users to other objects, such as commands and programs.</p>
|
||
|
<p>The authority checked for SQL statements depends on whether the statement
|
||
|
is static, dynamic, or being run interactively.</p>
|
||
|
<p>For Interactive SQL statements, authority is checked against the authority
|
||
|
of the person processing the statement. Adopted authority is not used for
|
||
|
Interactive SQL statements.</p>
|
||
|
<p>Users running a distributed relational database application need authority
|
||
|
to run the SQL package on the application server (AS). The GRANT EXECUTE ON
|
||
|
PACKAGE statement allows the owner of an SQL package, or any user with administrative
|
||
|
privileges to it, to grant specified users the privilege to run the statements
|
||
|
in an SQL package. You can use this statement to give all users authorized
|
||
|
to the AS, or a list of one or more user profiles on the AS, the privilege
|
||
|
to run statements in an SQL package.</p>
|
||
|
<p>Normally, users have processing privileges on a package if
|
||
|
they are authorized to the distributed application program created using the
|
||
|
CRTSQL<em>xxx</em> command. If the package is created using the <span class="cmdname">Create
|
||
|
Structured Query Language Package (CRTSQLPKG)</span> command, you might
|
||
|
have to grant processing privileges on the package to users. You can issue
|
||
|
this statement in an SQL program or using Interactive SQL. A sample statement
|
||
|
is as follows: </p>
|
||
|
<pre>GRANT EXECUTE
|
||
|
ON PACKAGE SPIFFY.PARTS1
|
||
|
TO PUBLIC</pre>
|
||
|
<p>The REVOKE EXECUTE ON PACKAGE statement allows the owner of an SQL package,
|
||
|
or any user with administrative privileges to it, to remove the privilege
|
||
|
to run statements in an SQL package from specified users. You can remove the
|
||
|
EXECUTE privilege to all users authorized to the AS or to a list of one or
|
||
|
more user profiles on the AS.</p>
|
||
|
<p>If you granted the same privilege to the same user more than
|
||
|
once, revoking that privilege from that user nullifies all those grants. If
|
||
|
you revoke an EXECUTE privilege on an SQL package you previously granted to
|
||
|
a user, it nullifies any grant of the EXECUTE privilege on that SQL package,
|
||
|
regardless of who granted it. A sample statement is as follows: </p>
|
||
|
<pre>REVOKE EXECUTE
|
||
|
ON PACKAGE SPIFFY.PARTS1
|
||
|
FROM PUBLIC</pre>
|
||
|
<p>You can also grant authority to an SQL package using the <span class="cmdname">Grant
|
||
|
Object Authority (GRTOBJAUT)</span> command or revoke authority to an SQL
|
||
|
package using the <span class="cmdname">Revoke Object Authority (RVKOBJAUT)</span> command.</p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1secure.htm" title="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects.">Security</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="../sqlp/rbafysecurity.htm">Security for SQL objects</a></div>
|
||
|
</div>
|
||
|
<div class="relref"><strong>Related reference</strong><br />
|
||
|
<div><a href="../cl/crtsqlpkg.htm">Create Structured Query Language Package (CRTSQLPKG) command</a></div>
|
||
|
<div><a href="../cl/grtobjaut.htm">Grant Object Authority (GRTOBJAUT) command</a></div>
|
||
|
<div><a href="../cl/rvkobjaut.htm">Revoke Object Authority (RVKOBJAUT) command</a></div>
|
||
|
<div><a href="rbal1drdastatement.htm" title="The statements included with the SQL language specifically support a distributed relational database.">Distributed relational database statements</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|