The DEFINE Keyword
When you use the DEFINE keyword with a GRANT statement, you grant a set of definition privileges to one or more users or groups.
When you use the DEFINE keyword with a REVOKE statement, you revoke all of the privileges in the set that have been previously granted to the specified users or groups.
This means that if you GRANT CREATE privilege on a resource, you can revoke the privilege with either a REVOKE CREATE statement or a REVOKE DEFINE statement. Using REVOKE DEFINE is an efficient technique when you intend to revoke all definition privileges from a user or group, whether the privileges were granted singly or as a set.
Similarly, you can GRANT DEFINE on a resource to a user and then REVOKE DROP on the resource from the same user as a way to grant all but one definition privilege.
Security Considerations for IDMSRPTS
If a dictionary named in an IDMSRPTS run has been secured, the user who submits the job must have EXECUTE privilege on the category containing the run unit dictionary-name.IDMSNWKG.IDMSRPTS. Additional privileges may be required depending on the reports requested:
|
Report |
Privilege |
|---|---|
|
DBTLST (DBTABLE listing) |
DBADMIN on the dictionary or DISPLAY on the DBTABLE |
|
DMCLST (DMCL listing) |
DBADMIN on the dictionary or DISPLAY on the DMCL |
|
SEGLST (segment listing) |
DBADMIN on the dictionary or DISPLAY on the DB |
|
All other reports |
Governed by application dictionary security |
Note: For more information, see the chapter Securing Application Dictionary Resources.
Granting Privilege to Issue DMCL Statements
The following statement gives the users the privilege to issue DMCL definition statements for DMCL99:
grant define on dmcl dmcl99 to mike, ryan;
|
Copyright © 2014 CA.
All rights reserved.
|
|