GRANT (XML Schema Privileges)
This form of the GRANT statement grants privileges on an XSR object.
Invocation
This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.
Authorization
The privileges held by the authorization ID of the statement must include at least one of the following:
- For each XSR object identified in the statement:
- Every privilege specified in the statement
- The system authority of *OBJMGT on the XSR object
- The system authority *EXECUTE on the library containing the XSR object
- Administrative authority
If WITH GRANT OPTION is specified, the privileges held by the authorization ID of the statement must include at least one of the following:
- Ownership of the XSR object
- Administrative authority
Syntax
.-PRIVILEGES-. >>-GRANT--+-ALL--+------------+-+-------------------------------> | .-,---------. | | V | | '---+-ALTER-+-+-------' '-USAGE-' .-,--------------. V | >--ON XSROBJECT----xsrobject-name-+-----------------------------> .-,----------------------. V | >--TO----+-authorization-name-+-+--+-------------------+------->< '-PUBLIC-------------' '-WITH GRANT OPTION-'
Description
- ALL or ALL PRIVILEGES
- Grants one
or more privileges. The privileges granted are all those grantable
privileges that the authorization ID of the statement has on the specified
XSR object. Note that granting ALL PRIVILEGES on an XSR object is
not the same as granting the system authority of *ALL.
If you do not use ALL, you must use one or more of the keywords listed below. Each keyword grants the privilege described.
- ALTER
- Grants the privilege to use the COMMENT and LABEL statements.
- USAGE
- Grants the privilege to use the XSR object for validation or decomposition.
- ON XSROBJECT xsrobject-name
- Identifies the XSR objects for which the privilege is granted. The xsrobject-name must identify an XSR object that exists at the current server.
- TO
- Indicates to whom the privileges are granted.
- authorization-name,…
- Lists one or more authorization IDs.
- PUBLIC
- Grants the privileges to a set of users (authorization IDs). For more information, see Authorization, privileges and object ownership.
- WITH GRANT OPTION
- Allows the specified authorization-names to
grant privileges on the XSR objects specified in the ON clause to
other users.
If WITH GRANT OPTION is omitted, the specified authorization-names cannot grant privileges on the XSR objects specified in the ON clause to another user unless they have received that authority from some other source (for example, from a grant of the system authority *OBJMGT).
Notes
GRANT and REVOKE statements assign and remove system authorities for SQL objects. The following table describes the system authorities that correspond to the SQL privileges:
SQL Privilege | Corresponding System Authorities when Granting to or Revoking from an XSR object |
---|---|
ALL (Grant or revoke of ALL grants or revokes only those privileges the authorization ID of the statement has) | *OBJALTER |
ALTER | *OBJALTER |
USAGE | *OBJOPR |
WITH GRANT OPTION | *OBJMGT |
Corresponding System Authorities When Checking Privileges to an XSR Object: The following table describes the system authorities that correspond to the SQL privileges when checking privileges to an XSR object. The left column lists the SQL privilege. The right column lists the equivalent system authorities.
SQL Privilege | Corresponding System Authorities |
---|---|
ALTER | *OBJALTER |
USAGE | *OBJOPR and *EXECUTE and *READ |
Example
Grant the USAGE privilege on XSR object XMLSCHEMA to PUBLIC.
GRANT USAGE
ON XSROBJECT XMLSCHEMA
TO PUBLIC