The GRANT Access Module Execution Privilege authorization statement gives one or more users or groups the privilege of executing a specified access module. The GRANT EXECUTE statement is a CA IDMS extension of the SQL standard.
To grant access module execution privilege, you must own the access module, hold grantable privilege on the access module, or hold DBADMIN privilege on the dictionary that contains the access module.
►►─── GRANT EXECUTE ──────────────────────────────────────────────────────────►

 ►─── ON ACCESS MODULE ─┬────────────────┬─ access-module-name ───────────────►
                        └─ schema-name. ─┘

          ┌─────────────── , ──────────────┐
 ►─── TO ─▼─┬─ PUBLIC ───────────────────┬─┴──────────────────────────────────►
            └─ authorization-identifier ─┘

 ►─┬─────────────────────┬────────────────────────────────────────────────────►◄
   └─ WITH GRANT OPTION ─┘
ON ACCESS MODULE access-module-name
Specifies the access module to which the EXECUTE privilege applies.
schema-name
Identifies the schema associated with access-module-name.
If you do not specify schema-name, it defaults to the current schema in effect for your SQL session.
TO
Identifies the users to whom you are giving the EXECUTE privilege.
PUBLIC
Specifies all users.
authorization-identifier
Identifies a user or group. For expanded authorization-identifier syntax, see Expansion of Authorization-identifier.
WITH GRANT OPTION
Gives the privilege of granting the EXECUTE privilege on the named access module to the users identified in the TO parameter. The owner of the resource, a holder of the applicable DBADMIN privilege, or a holder of SYSADMIN privilege can specify WITH GRANT OPTION.
A privilege granted with the WITH GRANT OPTION is called a grantable privilege.
Multiple Access Modules in One GRANT EXECUTE Statement
You can grant privileges on multiple access modules in a single GRANT statement by using an asterisk (*) as a wildcard character. A wildcard character represents one or more characters omitted from a string.
If used, the asterisk must be the last character in access-module-name. If access-module-name ends with an asterisk, the name represents all the access modules whose names match the pattern established.
For example, the access module name TST* in a GRANT EXECUTE statement represents all access modules whose names start with TST in the specified or current schema.
Duration of Privileges
Users hold the EXECUTE privilege granted on an access module until the privilege is explicitly taken away by means of the REVOKE EXECUTE statement.
Privileges Granted to Groups
When you grant a privilege to a group, each user in the group holds the privilege. If you subsequently add a user to the group, that user also holds the privilege. If you drop a user from the group, that user no longer holds the privilege.
Access Modules in Categories
Although you can grant the EXECUTE privilege on a specified access module, the more typical method is to grant the privilege on a category that includes multiple access modules. The use of categories for granting the EXECUTE privilege reduces overhead and provides better performance in a multiuser environment.
Executing an Access Module
To execute an access module, the owner of the access module must have the authority to execute all statements in the access module.
To execute an access module, a user other than the owner must:
Granting the EXECUTE Privilege
The following GRANT EXECUTE statement gives the EXECUTE privilege on all access modules in the HR schema that begin with EMP to the users in the groups PER_GRP_1 and PER_GRP_2:
grant execute on access module hr.emp* to per_grp_1, per_grp_2;
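The following Python sketch is an added example, not CA code: it parses a GRANT EXECUTE statement, enforces the trailing-asterisk rule, and lists which access modules the grant reaches so that wide grants can be reviewed before they are run. The module inventory, the function names, the restriction to simple authorization identifiers and the treatment of a name equal to the bare prefix as a match are assumptions made for illustration.

```python
import re

# Subset of the syntax diagram above. Assumption: simple names only; the
# expanded authorization-identifier forms are not handled.
GRANT_RE = re.compile(
    r"^\s*GRANT\s+EXECUTE\s+ON\s+ACCESS\s+MODULE\s+"
    r"(?:(?P<schema>[A-Z0-9_]+)\.)?(?P<module>[A-Z0-9_*]+)\s+"
    r"TO\s+(?P<grantees>[A-Z0-9_]+(?:\s*,\s*[A-Z0-9_]+)*)"
    r"(?P<wgo>\s+WITH\s+GRANT\s+OPTION)?\s*;?\s*$")

def parse_grant(stmt, current_schema):
    """Return a dict describing one GRANT EXECUTE statement, or raise ValueError."""
    m = GRANT_RE.match(stmt.upper())
    if not m:
        raise ValueError("not a GRANT EXECUTE ON ACCESS MODULE statement")
    module = m.group("module")
    # If used, the asterisk must be the last character of access-module-name.
    if "*" in module[:-1]:
        raise ValueError("asterisk must be the last character: " + module)
    return {
        # schema-name defaults to the current schema of the SQL session.
        "schema": m.group("schema") or current_schema.upper(),
        "module": module,
        "grantees": [g.strip() for g in m.group("grantees").split(",")],
        "grantable": m.group("wgo") is not None,
    }

def covered_modules(grant, inventory):
    """Module names in inventory, given as (schema, name) pairs, that the grant reaches."""
    pat = grant["module"]
    prefix = pat[:-1] if pat.endswith("*") else None
    return sorted(n for s, n in inventory if s == grant["schema"]
                  and (n.startswith(prefix) if prefix is not None else n == pat))

def review(stmt, inventory, current_schema="HR"):
    """Parse the statement and return (grant, covered modules, reviewer notes)."""
    g = parse_grant(stmt, current_schema)
    mods = covered_modules(g, inventory)
    notes = []
    if "PUBLIC" in g["grantees"]:
        notes.append("granted to PUBLIC (all users)")
    if g["grantable"]:
        notes.append("grantees can pass the privilege on")
    if g["module"].endswith("*") and len(mods) > 1:
        notes.append("wildcard covers %d modules" % len(mods))
    return g, mods, notes

# Constructed inventory of (schema, access module) pairs, for illustration only.
INVENTORY = [("HR", "EMPLIST"), ("HR", "EMPPAY"), ("HR", "DEPTRPT"), ("FIN", "EMPBONUS")]
```

Run against the statement above, review() reports that the HR.EMP* grant reaches EMPLIST and EMPPAY but not FIN.EMPBONUS, because the wildcard applies only within the specified or current schema.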
Copyright © 2014 CA.
All rights reserved.