friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.db2_5.4.0.1/rbafzmstrppro.htm

384 lines
26 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-19" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="keywords" content="
REVOKE (Function or Procedure Privileges) statement,
REVOKE (Function or Procedure Privileges), SQL statements, ALL clause,
ALL PRIVILEGES clause, ALTER clause, EXECUTE clause, FUNCTION clause,
REVOKE statement, SPECIFIC clause, in REVOKE statement, specific-name, revoking,
function, procedure, FROM clause,
in REVOKE (Function or Procedure Privileges) statement, authorization-name,
PUBLIC clause" />
<title>REVOKE (Function or Procedure Privileges)</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rppro"></a>
<h2 id="rppro"><a href="rbafzmst02.htm#ToC_1226">REVOKE (Function or Procedure Privileges)</a></h2><a id="idx3024" name="idx3024"></a><a id="idx3025" name="idx3025"></a>
<a name="revpprc"></a>
<p id="revpprc">This form of the REVOKE statement removes the privileges on
a function or procedure.</p>
<a name="wq1687"></a>
<h3 id="wq1687"><a href="rbafzmst02.htm#ToC_1227">Invocation</a></h3>
<p>This statement can be embedded in an application program or issued interactively.
It is an executable statement that can be dynamically prepared.</p>
<a name="wq1688"></a>
<h3 id="wq1688"><a href="rbafzmst02.htm#ToC_1228">Authorization</a></h3>
<p>The privileges held by the authorization ID of the statement must include
at least one of the following: </p>
<ul>
<li>For each function or procedure identified in the statement:
<ul>
<li>Every privilege specified in the statement</li>
<li>The system authority of *OBJMGT on the function or procedure</li>
<li>The system authority *EXECUTE on the library (or directory if this is
a Java&trade; routine) containing the function or procedure</li></ul></li>
<li>Administrative authority</li></ul>
<a name="wq1689"></a>
<h3 id="wq1689"><a href="rbafzmst02.htm#ToC_1229">Syntax</a></h3>
<a href="rbafzmstrppro.htm#synsrevokef"><img src="c.gif" alt="Click to skip syntax diagram" /></a>
<a name="wq1690"></a>
<div class="fignone" id="wq1690">
<pre class="cgraphic"><span><img src="c.gif" alt="Read syntax diagram" longdesc="rbafzmstsyn368.htm"
border="0" /></span><a href="#skipsyn-367"><img src="c.gif" alt="Skip visual syntax diagram"
border="0" /></a> .-PRIVILEGES-.
>>-REVOKE--+-ALL--+------------+-+------------------------------>
| .-,-----------. |
| V | |
'---+-ALTER---+-+-----'
'-EXECUTE-'
.-,-----------------------------------------------------------------------.
V |
>--ON----+-+-+-FUNCTION-+--<span class="italic">function-name</span>--+------------------------------+-+---+-+-->
| | '-ROUTINE--' '-(--+--------------------+--)-' | |
| | | .-,--------------. | | |
| | | V | | | |
| | '---<span class="italic">parameter-type</span>-+-' | |
| '-SPECIFIC--+-FUNCTION-+--<span class="italic">specific-name</span>-------------------------' |
| '-ROUTINE--' |
'-+-+-PROCEDURE-+--<span class="italic">procedure-name</span>--+------------------------------+-+-'
| '-ROUTINE---' '-(--+--------------------+--)-' |
| | .-,--------------. | |
| | V | | |
| '---<span class="italic">parameter-type</span>-+-' |
'-SPECIFIC--+-PROCEDURE-+--<span class="italic">specific-name</span>--------------------------'
'-ROUTINE---'
.-,----------------------.
V |
>--FROM----+-<span class="italic">authorization-name</span>-+-+---------------------------->&lt;
'-PUBLIC-------------'
</pre>
<a name="skipsyn-367" id="skipsyn-367"></a></div>
<a name="wq1691"></a>
<div class="fignone" id="wq1691">
<pre class="cgraphic"><span><img src="c.gif" alt="Read syntax diagram" longdesc="rbafzmstsyn369.htm"
border="0" /></span><a href="#skipsyn-368"><img src="c.gif" alt="Skip visual syntax diagram"
border="0" /></a>parameter-type:
|----<span class="italic">data-type</span>--+------------+----------------------------------|
'-AS LOCATOR-'
</pre>
<a name="skipsyn-368" id="skipsyn-368"></a></div>
<a name="wq1692"></a>
<div class="fignone" id="wq1692">
<pre class="cgraphic"><span><img src="c.gif" alt="Read syntax diagram" longdesc="rbafzmstsyn370.htm"
border="0" /></span><a href="#skipsyn-369"><img src="c.gif" alt="Skip visual syntax diagram"
border="0" /></a>data-type:
|--+-<span class="italic">built-in-type</span>------+---------------------------------------|
'-<span class="italic">distinct-type-name</span>-'
</pre>
<a name="skipsyn-369" id="skipsyn-369"></a></div>
<a name="wq1693"></a>
<div class="fignone" id="wq1693">
<pre class="cgraphic"><span><img src="c.gif" alt="Read syntax diagram" longdesc="rbafzmstsyn371.htm"
border="0" /></span><a href="#skipsyn-370"><img src="c.gif" alt="Skip visual syntax diagram"
border="0" /></a>built-in-type:
|--+-+---SMALLINT---+----------------------------------------------------------------------------------------------+--|
| +-+-INTEGER-+--+ |
| | '-INT-----' | |
| '---BIGINT-----' |
| .-(5,0)----------------------------. |
+-+-+-DECIMAL-+-+--+----------------------------------+---------------------------------------------------------+
| | '-DEC-----' | '-(--+------------------------+--)-' |
| '-NUMERIC-----' '-<span class="italic">integer</span>--+-----------+-' |
| '-<span class="italic">, integer</span>-' |
| .-(53)----------. |
+-+-FLOAT--+---------------+-+----------------------------------------------------------------------------------+
| | '-(--<span class="italic">integer</span>--)-' | |
| +-REAL---------------------+ |
| | .-PRECISION-. | |
| '-DOUBLE--+-----------+----' |
| .-(1)---------------. |
+-+-+-+-CHARACTER-+--+-------------------+--------------+--+----------------+---------------------------------+-+
| | | '-CHAR------' '-(--+---------+--)-' | +-FOR BIT DATA---+ | |
| | | '-<span class="italic">integer</span>-' | +-FOR SBCS DATA--+ | |
| | '---+-+-CHARACTER-+--VARYING-+--(--+---------+--)---' +-FOR MIXED DATA-+ | |
| | | '-CHAR------' | '-<span class="italic">integer</span>-' '-CCSID--<span class="italic">integer</span>-' | |
| | '-VARCHAR----------------' | |
| | .-(1M)---------------------. | |
| '-----+-+-<span>CHARACTER</span>-+--<span>LARGE OBJECT</span>-+------+--------------------------+--+----------------+--+------------+-' |
| | '-<span>CHAR</span>------' | '-(--+---------+--+---+--)-' +-FOR SBCS DATA--+ '-AS LOCATOR-' |
| '-<span>CLOB</span>------------------------' '-<span class="italic">integer</span>-' +-K-+ +-FOR MIXED DATA-+ |
| +-M-+ '-CCSID--<span class="italic">integer</span>-' |
| '-G-' |
| .-(1)---------------. |
+-+-+---GRAPHIC----+-------------------+---------+--+----------------+-----------+------------------------------+
| | | '-(--+---------+--)-' | '-CCSID--<span class="italic">integer</span>-' | |
| | | '-<span class="italic">integer</span>-' | | |
| | '---+-VARGRAPHIC------+--(--+---------+--)---' | |
| | '-GRAPHIC VARYING-' '-<span class="italic">integer</span>-' | |
| | .-(1M)---------------------. | |
| '---DBCLOB----+--------------------------+--+----------------+--+------------+-' |
| '-(--+---------+--+---+--)-' '-CCSID--<span class="italic">integer</span>-' '-AS LOCATOR-' |
| '-<span class="italic">integer</span>-' +-K-+ |
| +-M-+ |
| '-G-' |
| .-(1)---------------. |
+-+-+-BINARY--+-------------------+---------+---------------------------------+---------------------------------+
| | | '-(--+---------+--)-' | | |
| | | '-<span class="italic">integer</span>-' | | |
| | '-+-BINARY VARYING-+--(--+---------+--)-' | |
| | '-VARBINARY------' '-<span class="italic">integer</span>-' | |
| | .-(1M)---------------------. | |
| '---+-BLOB----------------+----+--------------------------+--+------------+-' |
| '-BINARY LARGE OBJECT-' '-(--+---------+--+---+--)-' '-AS LOCATOR-' |
| '-<span class="italic">integer</span>-' +-K-+ |
| +-M-+ |
| '-G-' |
+-+---DATE-----------------+------------------------------------------------------------------------------------+
| | .-(--0--)-. | |
| +-TIME--+---------+------+ |
| | .-(--6--)-. | |
| '-TIMESTAMP--+---------+-' |
| .-(200)-------------. |
+---DATALINK--+-------------------+--+----------------+---------------------------------------------------------+
| '-(--+---------+--)-' '-CCSID--<span class="italic">integer</span>-' |
| '-<span class="italic">integer</span>-' |
'---ROWID-------------------------------------------------------------------------------------------------------'
</pre>
<a name="skipsyn-370" id="skipsyn-370"></a></div>
<a name="synsrevokef"></a>
<h3 id="synsrevokef"><a href="rbafzmst02.htm#ToC_1230">Description</a></h3>
<dl class="parml">
<dt class="bold">ALL <span class="base">or</span> ALL PRIVILEGES</dt><a id="idx3026" name="idx3026"></a><a id="idx3027" name="idx3027"></a>
<dd>Revokes one or more function or procedure privileges from each <span class="italic">authorization-name</span>. The privileges revoked are those privileges on the
identified functions or procedures that were granted to the <span class="italic">authorization-names</span>. Note that revoking ALL PRIVILEGES on a function
or procedure is not the same as revoking the system authority of *ALL.
<p>If you do not use ALL, you must use one or more of the keywords listed below.
Each keyword revokes the privilege described.</p>
</dd>
<dt class="bold">ALTER </dt><a id="idx3028" name="idx3028"></a>
<dd>Revokes the privilege to use the COMMENT statement.
</dd>
<dt class="bold">EXECUTE </dt><a id="idx3029" name="idx3029"></a>
<dd>Revokes the privilege to execute a function or procedure.
</dd>
<dt class="bold">FUNCTION or SPECIFIC FUNCTION</dt><a id="idx3030" name="idx3030"></a>
<dd>Identifies the function from which the privilege is revoked. The function
must exist at the current server and it must be a user-defined function<span>, but not a function that was implicitly generated with the creation of a
distinct type</span>. The function can be identified by its name, function signature,
or specific name.
<dl class="parml">
<dt class="bold">FUNCTION <var class="pv">function-name</var> </dt>
<dd>Identifies the function by its name. The <span class="italic">function-name</span> must identify exactly one function. The function may have any number
of parameters defined for it. If there is more than one function of the specified
name in the specified or implicit schema, an error is returned.
</dd>
<dt class="bold">FUNCTION <var class="pv">function-name (parameter-type, ...)</var></dt>
<dd>Identifies the function by its function signature, which uniquely identifies
the function. The <span class="italic">function-name (parameter-type, ...)</span> must identify a function with the specified function signature. The
specified parameters must match the data types in the corresponding position
that were specified when the function was created. The number of data types,
and the logical concatenation of the data types is used to identify the specific
function instance on which the privilege is to be revoked. Synonyms for data
types are considered a match.
<p>If <var class="pv">function-name ()</var> is specified,
the function identified must have zero parameters.</p>
<dl class="parml">
<dt class="bold"><var class="pv">function-name </var></dt>
<dd>Identifies the name of the function.
</dd>
<dt class="bold"><var class="pv">(parameter-type, ...)</var></dt>
<dd>Identifies the parameters of the function.
<p>If an unqualified distinct
type name is specified, the database manager searches the SQL path to resolve the schema
name for the distinct type.</p>
<p>For data types that have a length, precision,
or scale attribute, use one of the following:</p>
<ul>
<li>Empty parentheses indicate that the database manager ignores the attribute when determining
whether the data types match. For example, DEC() will be considered a match
for a parameter of a function defined with a data type of DEC(7,2). However,
FLOAT cannot be specified with empty parenthesis because its parameter value
indicates a specific data type (REAL or DOUBLE).</li>
<li>If a specific value for a length, precision, or scale attribute is specified,
the value must exactly match the value that was specified (implicitly or explicitly)
in the CREATE FUNCTION statement. If the data type is FLOAT, the precision
does not have to exactly match the value that was specified because matching
is based on the data type (REAL or DOUBLE).</li>
<li>If length, precision, or scale is not explicitly specified, and empty
parentheses are not specified, the default attributes of the data type are
implied. The implicit length must exactly match the value that was specified
(implicitly or explicitly) in the CREATE FUNCTION statement.</li></ul>
<p>Specifying the FOR DATA clause or CCSID clause is optional. Omission
of either clause indicates that the database manager ignores the attribute when determining
whether the data types match. If either clause is specified, it must match
the value that was implicitly or explicitly specified in the CREATE FUNCTION
statement.</p>
</dd>
<dt class="bold">AS LOCATOR</dt>
<dd>Specifies that the function is defined to receive a locator for this
parameter. If AS LOCATOR is specified, the data type must be a LOB or a distinct
type based on a LOB.
</dd>
</dl>
</dd>
<dt class="bold">SPECIFIC FUNCTION <var class="pv">specific-name</var> <a id="idx3031" name="idx3031"></a></dt><a id="idx3032" name="idx3032"></a><a id="idx3033" name="idx3033"></a>
<dd>Identifies the function by its specific name. The <span class="italic">specific-name</span> must identify a specific function that exists at the current
server.
</dd>
</dl>
</dd>
<dt class="bold">PROCEDURE or SPECIFIC PROCEDURE</dt>
<dd>Identifies the procedure from which the privilege is revoked. The <span class="italic">procedure-name</span> must identify a procedure that exists at
the current server.
<dl class="parml">
<dt class="bold">PROCEDURE <var class="pv">procedure-name</var> </dt>
<dd>Identifies the procedure by its name. The <span class="italic">procedure-name</span> must identify exactly one procedure. The procedure may have any number
of parameters defined for it. If there is more than one procedure of the specified
name in the specified or implicit schema, an error is returned.
</dd>
<dt class="bold">PROCEDURE <var class="pv">procedure-name (parameter-type, ...)</var></dt>
<dd>Identifies the procedure by its procedure signature, which uniquely
identifies the procedure. The <span class="italic">procedure-name (parameter-type,
...)</span> must identify a procedure with the specified procedure signature.
The specified parameters must match the data types in the corresponding position
that were specified when the procedure was created. The number of data types,
and the logical concatenation of the data types is used to identify the specific
procedure instance which is to be revoked. Synonyms for data types are considered
a match.
<p>If <var class="pv">procedure-name ()</var> is specified, the procedure identified
must have zero parameters.</p>
<dl class="parml">
<dt class="bold"><var class="pv">procedure-name </var></dt>
<dd>Identifies the name of the procedure.
</dd>
<dt class="bold"><var class="pv">(parameter-type, ...)</var></dt>
<dd>Identifies the parameters of the procedure.
<p>If an unqualified distinct
type name is specified, the database manager searches the SQL path to resolve the schema
name for the distinct type.</p>
<p>For data types that have a length, precision,
or scale attribute, use one of the following:</p>
<ul>
<li>Empty parentheses indicate that the database manager ignores the attribute when determining
whether the data types match. For example, DEC() will be considered a match
for a parameter of a procedure defined with a data type of DEC(7,2). However,
FLOAT cannot be specified with empty parenthesis because its parameter value
indicates a specific data type (REAL or DOUBLE).</li>
<li>If a specific value for a length, precision, or scale attribute is specified,
the value must exactly match the value that was specified (implicitly or explicitly)
in the CREATE PROCEDURE statement. If the data type is FLOAT, the precision
does not have to exactly match the value that was specified because matching
is based on the data type (REAL or DOUBLE).</li>
<li>If length, precision, or scale is not explicitly specified, and empty
parentheses are not specified, the default attributes of the data type are
implied. The implicit length must exactly match the value that was specified
(implicitly or explicitly) in the CREATE PROCEDURE statement.</li></ul>
<p>Specifying the FOR DATA clause or CCSID clause is optional. Omission
of either clause indicates that the database manager ignores the attribute when determining
whether the data types match. If either clause is specified, it must match
the value that was implicitly or explicitly specified in the CREATE PROCEDURE
statement.</p>
</dd>
<dt class="bold">AS LOCATOR</dt>
<dd>Specifies that the procedure is defined to receive a locator for this
parameter. If AS LOCATOR is specified, the data type must be a LOB or a distinct
type based on a LOB.
</dd>
</dl>
</dd>
<dt class="bold">SPECIFIC PROCEDURE <var class="pv">specific-name</var> </dt><a id="idx3034" name="idx3034"></a><a id="idx3035" name="idx3035"></a><a id="idx3036" name="idx3036"></a>
<dd>Identifies the procedure by its specific name. The <span class="italic">specific-name</span> must identify a specific procedure that exists at the current
server.
</dd>
</dl>
</dd>
<dt class="bold">FROM </dt><a id="idx3037" name="idx3037"></a>
<dd>Identifies from whom the privileges are revoked.
<dl class="parml">
<dt class="bold"><var class="pv">authorization-name,...</var> </dt><a id="idx3038" name="idx3038"></a>
<dd>Lists one or more authorization IDs. Do not specify the same <span class="italic">authorization-name</span> more than once.
</dd>
<dt class="bold">PUBLIC </dt><a id="idx3039" name="idx3039"></a>
<dd>Revokes the specified privileges from PUBLIC.
</dd>
</dl>
</dd>
</dl>
<a name="wq1694"></a>
<h3 id="wq1694"><a href="rbafzmst02.htm#ToC_1231">Notes</a></h3>
<p><span class="bold">Multiple grants:</span> If you revoke a privilege on a function
or procedure, it nullifies any grant of the privilege on that function or
procedure, regardless of who granted it.</p>
<p><span class="bold">Revoking WITH GRANT OPTION:</span> The only way to revoke
the WITH GRANT OPTION is to revoke ALL.</p>
<p><span class="bold">Privilege warning:</span> Revoking a specific privilege
from a user does not necessarily prevent that user from performing an action
that requires that privilege. For example, the user may still have the privilege
through PUBLIC or administrative privileges.</p>
<p><span class="bold">Corresponding system authorities:</span> When a function
or procedure privilege is revoked, the corresponding system authorities are
revoked. For information on the system authorities that correspond to SQL
privileges see <a href="rbafzmstgntprc.htm#gntprc">GRANT (Function or Procedure Privileges)</a>.</p>
<p>Privileges revoked from either an SQL or external function or procedure
are revoked from its associated program (*PGM) or service program (*SRVPGM)
object. Privileges revoked from a Java external function or procedure are
revoked from the associated class file or jar file. If the associated program,
service program, class file, or jar file is not found when the revoke is executed,
an error is returned.</p>
<p><span class="bold">Syntax alternatives:</span> The following keywords are synonyms
supported for compatibility to prior releases. These keywords are non-standard
and should not be used:</p>
<ul>
<li>The keyword RUN can be used as a synonym for EXECUTE.</li></ul>
<a name="wq1695"></a>
<h3 id="wq1695"><a href="rbafzmst02.htm#ToC_1232">Example</a></h3>
<p>Revoke the EXECUTE privilege on procedure PROCA from PUBLIC. </p>
<pre class="xmp"> <span class="bold">REVOKE EXECUTE</span>
<span class="bold">ON PROCEDURE</span> PROCA
<span class="bold">FROM PUBLIC</span></pre><a id="idx3040" name="idx3040"></a><a id="idx3041" name="idx3041"></a>
<hr /><br />
[ <a href="#Top_Of_Page">Top of Page</a> | <a href="rbafzmstrudtp.htm">Previous Page</a> | <a href="rbafzmstrppriv.htm">Next Page</a> | <a href="rbafzmst02.htm#wq1">Contents</a> |
<a href="rbafzmstindex.htm#index">Index</a> ]
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink