ACCESSCTRL administrative authority
The ACCESSCTRL authority allows you to grant explicit privileges to authorization IDs or roles by issuing SQL GRANT statements. It enables you to grant privileges on all objects and resources, except the CREATE_SECURE_OBJECT privilege and the system DBADM, DATAACCESS, and ACCESSCTRL authorities.
With the ACCESSCTRL authority, you can use the BY clause to revoke explicitly granted privileges from authorization IDs or roles, except the CREATE_SECURE_OBJECT privilege and the system DBADM, DATAACCESS, and ACCESSCTRL authorities. In addition, you have implicit SELECT access on all catalog tables and implicit INSERT, DELETE, and UPDATE privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES).
Only an authorization ID or a role with the SECADM authority can grant or revoke the ACCESSCTRL authority. Revoking the ACCESSCTRL authority does not revoke the privileges that it has already granted.
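The delegation and review flow described above, as an added example that is not part of the original documentation. It assumes the Db2 for z/OS catalog tables SYSIBM.SYSUSERAUTH and SYSIBM.SYSTABAUTH; the authorization IDs SECOPS1, GRANTOR1, and APPUSER1 and the table PAYROLL.EMP are hypothetical.

```sql
-- Added example. SECOPS1, GRANTOR1, APPUSER1 and PAYROLL.EMP are
-- hypothetical names chosen for illustration.

-- 1. Run by an authorization ID or role that holds SECADM:
--    delegate privilege administration without giving data access.
GRANT ACCESSCTRL TO SECOPS1;

-- 2. Run by SECOPS1 under ACCESSCTRL: grant an explicit privilege.
GRANT SELECT ON TABLE PAYROLL.EMP TO APPUSER1;

-- 3. Run by SECOPS1 under ACCESSCTRL: revoke a privilege that a
--    different grantor (GRANTOR1) explicitly granted, using BY.
REVOKE SELECT ON TABLE PAYROLL.EMP FROM APPUSER1 BY GRANTOR1;

-- 4. Periodic review: every ID or role that currently holds
--    ACCESSCTRL, and who granted it. Only SECADM can grant this
--    authority, so each GRANTOR should map to a known SECADM holder.
SELECT GRANTEE, GRANTEETYPE, GRANTOR, GRANTORTYPE, GRANTEDTS
  FROM SYSIBM.SYSUSERAUTH
 WHERE ACCESSCTRLAUTH <> ' '
 ORDER BY GRANTEDTS;

-- 5. Before SECADM revokes ACCESSCTRL from SECOPS1: list the table
--    privileges SECOPS1 has granted. These stay in effect after the
--    authority is revoked, so each row needs its own decision.
--    AUTHHOWGOT records the authority the grantor acted under.
SELECT GRANTEE, GRANTEETYPE, TCREATOR, TTNAME,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH,
       AUTHHOWGOT, GRANTEDTS
  FROM SYSIBM.SYSTABAUTH
 WHERE GRANTOR = 'SECOPS1'
 ORDER BY TCREATOR, TTNAME, GRANTEE;
```

Step 5 covers table privileges only; the same GRANTOR filter applies to the other SYSIBM authorization catalog tables for other object types.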
The following table summarizes the authorities included in the ACCESSCTRL administrative authority, and the privileges that it holds and can grant to others.
| Included authorities | None |
|---|---|
| Additional grantable privileges | Privileges on all catalog tables: SELECT; Privileges on updatable catalog tables (except SYSIBM.SYSAUDITPOLICIES): DELETE, INSERT, UPDATE; Privileges on security: GRANT, REVOKE |