ibm-information-center/dist/eclipse/plugins/i5OS.ic.ddp_5.4.0.1/rbal1sqlaut.htm

97 lines
6.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Authority to distributed relational database objects" />
<meta name="abstract" content="You can use either the SQL GRANT and REVOKE statements or the control language (CL) Grant Object Authority (GRTOBJAUT) and Revoke Object Authority (RVKOBJAUT) commands to grant and revoke a user's authority to relational database objects." />
<meta name="description" content="You can use either the SQL GRANT and REVOKE statements or the control language (CL) Grant Object Authority (GRTOBJAUT) and Revoke Object Authority (RVKOBJAUT) commands to grant and revoke a user's authority to relational database objects." />
<meta name="DC.Relation" scheme="URI" content="rbal1secure.htm" />
<meta name="DC.Relation" scheme="URI" content="../cl/crtsqlpkg.htm" />
<meta name="DC.Relation" scheme="URI" content="../cl/grtobjaut.htm" />
<meta name="DC.Relation" scheme="URI" content="../cl/rvkobjaut.htm" />
<meta name="DC.Relation" scheme="URI" content="../sqlp/rbafysecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1drdastatement.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbal1sqlaut" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Authority to distributed relational database objects</title>
</head>
<body id="rbal1sqlaut"><a name="rbal1sqlaut"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Authority to distributed relational database objects</h1>
<div><p>You can use either the SQL GRANT and REVOKE statements or the control
language (CL) <span class="cmdname">Grant Object Authority (GRTOBJAUT)</span> and <span class="cmdname">Revoke
Object Authority (RVKOBJAUT)</span> commands to grant and revoke a user's
authority to relational database objects.</p>
<p>The SQL GRANT and REVOKE statements only operate on packages, tables, and
views. In some cases, it is necessary to use <span class="cmdname">GRTOBJAUT</span> and <span class="cmdname">RVKOBJAUT</span> to
authorize users to other objects, such as commands and programs.</p>
<p>The authority checked for SQL statements depends on whether the statement
is static, dynamic, or being run interactively.</p>
<p>For Interactive SQL statements, authority is checked against the authority
of the person processing the statement. Adopted authority is not used for
Interactive SQL statements.</p>
<p>Users running a distributed relational database application need authority
to run the SQL package on the application server (AS). The GRANT EXECUTE ON
PACKAGE statement allows the owner of an SQL package, or any user with administrative
privileges to it, to grant specified users the privilege to run the statements
in an SQL package. You can use this statement to give all users authorized
to the AS, or a list of one or more user profiles on the AS, the privilege
to run statements in an SQL package.</p>
<p>Normally, users have processing privileges on a package if
they are authorized to the distributed application program created using the
CRTSQL<em>xxx</em> command. If the package is created using the <span class="cmdname">Create
Structured Query Language Package (CRTSQLPKG)</span> command, you might
have to grant processing privileges on the package to users. You can issue
this statement in an SQL program or using Interactive SQL. A sample statement
is as follows: </p>
<pre>GRANT EXECUTE
ON PACKAGE SPIFFY.PARTS1
TO PUBLIC</pre>
<p>The REVOKE EXECUTE ON PACKAGE statement allows the owner of an SQL package,
or any user with administrative privileges to it, to remove the privilege
to run statements in an SQL package from specified users. You can remove the
EXECUTE privilege to all users authorized to the AS or to a list of one or
more user profiles on the AS.</p>
<p>If you granted the same privilege to the same user more than
once, revoking that privilege from that user nullifies all those grants. If
you revoke an EXECUTE privilege on an SQL package you previously granted to
a user, it nullifies any grant of the EXECUTE privilege on that SQL package,
regardless of who granted it. A sample statement is as follows: </p>
<pre>REVOKE EXECUTE
ON PACKAGE SPIFFY.PARTS1
FROM PUBLIC</pre>
<p>You can also grant authority to an SQL package using the <span class="cmdname">Grant
Object Authority (GRTOBJAUT)</span> command or revoke authority to an SQL
package using the <span class="cmdname">Revoke Object Authority (RVKOBJAUT)</span> command.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1secure.htm" title="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects.">Security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="../sqlp/rbafysecurity.htm">Security for SQL objects</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="../cl/crtsqlpkg.htm">Create Structured Query Language Package (CRTSQLPKG) command</a></div>
<div><a href="../cl/grtobjaut.htm">Grant Object Authority (GRTOBJAUT) command</a></div>
<div><a href="../cl/rvkobjaut.htm">Revoke Object Authority (RVKOBJAUT) command</a></div>
<div><a href="rbal1drdastatement.htm" title="The statements included with the SQL language specifically support a distributed relational database.">Distributed relational database statements</a></div>
</div>
</div>
</body>
</html>