GRANT Physical Database Definition Privileges Parameters

Syntax for Securing Database Resources › GRANT Physical Database Definition Privileges › GRANT Physical Database Definition Privileges Parameters

GRANT Physical Database Definition Privileges Parameters

DEFINE

Gives the ALTER, CREATE, DISPLAY, DROP, and USE privileges, as applicable, on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

ALTER

Gives the ALTER privilege on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

The ALTER privilege on a resource allows a user to modify the definition of the resource. The ALTER privilege on a DMCL or database name table also allows a user to generate a load module from the definition.

CREATE

Gives the CREATE privilege on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

The CREATE privilege on a resource allows a user to define the resource.

DISPLAY

Gives the DISPLAY privilege on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

The DISPLAY privilege allows the user to issue a DISPLAY RESOURCE statement on the named resource. The grantable DISPLAY privilege allows a user to issue a DISPLAY PRIVILEGES statement on the named resource.

The DISPLAY privilege on a DBTABLE resource is required for a user to produce a DBTABLE listing using IDMSRPTS. The DISPLAY privilege on a DMCL resource is required for a user to produce a DMCL listing using IDMSRPTS. The DISPLAY privilege on a DB resource is required for a user to produce a segment listing using IDMSRPTS.

DROP

Gives the DROP privilege on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

The DROP privilege on a resource allows a user to delete the definition of the resource.

USE

Gives the USE privilege on the resource identified in the ON parameter to the users or groups identified in the TO parameter.

DMCL—The USE privilege allows a user to format, print, archive, and fix the journal files defined by the DMCL and punch the DMCL load module.
Database name table—The USE privilege allows a user to punch the database name table load module and specify the database name table in the DBTABLE parameter of a DMCL definition.
Segment—The USE privilege allows a user to associate the segment with an SQL schema.

ON

Specifies the resource to which the definition privileges apply.

DMCL dmcl-name

Identifies a DMCL.

The scope of a privilege granted on a DMCL resource includes these physical database definition statements:

DMCL
BUFFER
JOURNAL BUFFER
ARCHIVE JOURNAL
DISK JOURNAL
TAPE JOURNAL

You can wildcard dmcl-name.

Note: For more information about wildcarding, see Using a Wildcard.

DBTABLE dbtable-name

Identifies a database name table.

The scope of a privilege granted on a DBTABLE resource includes these physical database definition statements:

DBTABLE
DBNAME

You can wildcard dbtable-name.

Note: For more information about wildcarding, see Using a Wildcard.

DB database-name

Identifies a segment or a name in the database name table.

The scope of a privilege granted on a DB resource includes these physical database definition statements:

SEGMENT
FILE
AREA

You can wildcard database-name.

Note: For more information about wildcarding, see Using a Wildcard.

TO

Specifies the users or groups to whom you are giving definition privileges.

PUBLIC

Specifies all users.

authorization-identifier

Identifies a user or group.

Note: Expanded syntax for authorization-identifier is presented in chapter Notes on Security Statement Syntax.

WITH GRANT OPTION

Gives the authority to grant the specified definition privileges on the named resource to the users or groups identified in the TO parameter. Only a holder of the applicable DBADMIN privilege or a holder of SYSADMIN privilege can specify WITH GRANT OPTION.

A privilege granted with the WITH GRANT OPTION is called a grantable privilege.