Plan EXECUTE and plan BIND privileges can be granted and revoked by using the plan security versions of the GRANT and REVOKE statements.
Note: To grant a plan privilege you must possess that privilege WITH GRANT OPTION or be a Global Owner. To revoke a plan privilege you must have granted the privilege or be a Global Owner. See Global Ownership.
Here is the syntax diagram for the plan security version of the GRANT statement.
┌───────────────┐
►►─ GRANT ─┬─ EXECUTE ─┬─ ON PLANplan-nameTO ─┬─▼─ accessor-id ─┴─┬───────────►
└─ BIND ────┘ ├─ PUBLIC ──────────┤
└─ UNKNOWNUSER ─────┘
►─┬─────────────────────┬────────────────────────────────────────────────────►◄
├─ WITH GRANT OPTION ─┤
└─ WITH GRANT ────────┘
Here is the syntax diagram for the plan security version of the REVOKE statement.
┌───────────────┐
►►─ REVOKE ─┬─ EXECUTE ─┬─ ON PLANplan-nameFROM ─┬─▼─ accessor-id ─┴─┬────────►
└─ BIND ────┘ ├─ PUBLIC ──────────┤
└─ UNKNOWNUSER ─────┘
►─┬───────────┬──────────────────────────────────────────────────────────────►◄
└─ CASCADE ─┘
Specifying EXECUTE for privilege-name grants or revokes a plan EXECUTE privilege. The plan EXECUTE privilege allows an accessor ID to execute the plan.
Specifying BIND for privilege-name grants or revokes the plan BIND privilege. The plan BIND privilege is required for an accessor ID to create, rebind, or delete a plan.
The creator of a plan is automatically granted the EXECUTE and BIND privileges for that plan. The EXECUTE and BIND privileges are ignored by the SQL Manager if the plan privileges are checked externally. For more information, see Using External Security for CA Datacom.
For plan-name, specify the name of the plan to or from which the plan EXECUTE or plan BIND privilege is to be granted or revoked.
Specify the accessor ID of one or more users to whom you are granting or revoking privileges (you can only use a REVOKE statement to revoke privileges that were granted with a GRANT statement). Note that an accessor ID is a user's ID, not a schema authid. When using GRANT, do not specify your own accessor ID (you cannot grant privileges to yourself). If listing more than one accessor ID, separate them with commas.
Specify PUBLIC when you are granting or revoking the specified privileges to or from all users. A new user automatically has any privileges previously granted to the public.
Specify UNKNOWNUSER when you are granting or revoking the specified privileges to or from users whose identities cannot be determined by the CA Datacom/DB Security Facility.
(Optional) Specify this option if you want the user to whom you have granted the privilege to be able to grant it to another user. The WITH GRANT OPTION cannot be used with PUBLIC.
Specify WITH GRANT if you want the user to whom you have granted the privilege to be able to grant it to another user. WITH GRANT cannot be used with PUBLIC or with UNKNOWNUSER.
(Optional) If CASCADE is specified, any other dependent privileges that have been granted to others (through the GRANT statement) are also revoked. If a REVOKE is issued without CASCADE and the grantee granted privileges to other users, the REVOKE is not permitted. The CASCADE option of REVOKE does not block the cascading effect of a revoke but operates instead as a fail-safe device. Specifying CASCADE simply acknowledges your understanding that there are cascading effects.
You can find more information related to GRANT and REVOKE in Cascading of REVOKE and DROP and Binding of GRANT and REVOKE Statements. For still more information about the GRANT and REVOKE statements, see the CA Datacom/DB SQL User Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|