To grant privileges on most database
objects, you must have ACCESSCTRL authority, SECADM authority, or
CONTROL privilege on that object; or, you must hold the privilege
WITH GRANT OPTION. Additionally, users with SYSADM or SYSCTRL authority
can grant table space privileges. You can grant privileges only on
existing objects.
About this task
To grant CONTROL privilege to someone else, you must have ACCESSCTRL or SECADM authority.
To grant ACCESSCTRL, DATAACCESS, DBADM or SECADM authority, you must have SECADM authority. The
GRANT statement allows an authorized user to grant privileges. A privilege can be granted to one or
more authorization names in one statement; or to PUBLIC, which makes the privileges available to all
users. Note that an authorization name can be either an individual user or a group.
On operating systems where users and groups exist with the same name, you
should specify whether you are granting the privilege to the user or group. Both the GRANT and
REVOKE statements support the keywords USER, GROUP, and ROLE. If these optional keywords are not
used, the database manager checks the operating system security facility to determine whether the
authorization name identifies a user or a group; it also checks whether an authorization ID of type
role with the same name exists. If the database manager cannot determine whether the authorization
name refers to a user, a group, or a role, an error is returned. The following example grants SELECT
privileges on the EMPLOYEE table to the user
HERON:
GRANT SELECT
ON EMPLOYEE TO USER HERON
The following example grants SELECT privileges on the EMPLOYEE table to the group HERON:
GRANT SELECT
ON EMPLOYEE TO GROUP HERON
Note:
WITH GRANT OPTION is ignored when granting database authorities, index privileges, schema
authorities (SCHEMAADM, ACCESSCTRL, DATAACCESS, LOAD) and CONTROL privilege on tables or views.