SQL plans are securable. With plan security you can create a plan such that, in order to execute the plan, an accessor ID must have the plan EXECUTE privilege for that plan. The plan EXECUTE privilege can be granted with the GRANT statement and revoked with the REVOKE statement. Also see the information on the REVOKE statement and the CHECKPLAN=, CHECKWHEN=, CHECKWHO=, and SAVEPLANSEC= options. For detailed information about plan security, see the CA Datacom Security Reference Guide.
Note: To grant a plan privilege you must possess that privilege WITH GRANT OPTION or be a Global Owner. To revoke a plan privilege you must have granted the privilege or be a Global Owner. See the CA Datacom Security Reference Guide for more information on Global Owners.
Following is the syntax diagram for the plan security version of the REVOKE statement:
┌─ , ───────────┐
►►─ REVOKE ─┬─ EXECUTE ─┬─ ON PLANplan-nameFROM ─┬─▼─ accessor-id ─┴─┬────────►
└─ BIND ────┘ ├─ PUBLIC ──────────┤
└─ UNKNOWNUSER ─────┘
►─┬───────────┬──────────────────────────────────────────────────────────────►◄
└─ CASCADE ─┘
|
Copyright © 2014 CA.
All rights reserved.
|
|