ACCESSCTRL authority is the authority required to grant
and revoke privileges on objects within a specific database. ACCESSCTRL
authority has no inherent privilege to access data stored in tables,
except the catalog tables and views.
ACCESSCTRL authority can only be granted by the security administrator
(who holds SECADM authority). It can be granted to a user, a group,
or a role. PUBLIC cannot obtain the ACCESSCTRL authority either directly
or indirectly. ACCESSCTRL authority gives a user the ability to perform
the following operations:
- Grant and revoke the following administrative authorities:
- Grant and revoke the following database authorities:
- BINDADD
- CONNECT
- CREATETAB
- CREATE_EXTERNAL_ROUTINE
- CREATE_NOT_FENCED_ROUTINE
- IMPLICIT_SCHEMA
- LOAD
- QUIESCE_CONNECT
- Grant and revoke all privileges on the following objects, regardless
who granted the privilege:
- Global Variable
- Index
- Nickname
- Package
- Routine (except audit routines)
- Schema
- Sequence
- Server
- Table
- Table Space
- View
- XSR Objects
- SELECT privilege on the system catalog tables and views
This authority is a subset of security administrator (SECADM) authority.