This form of the GRANT statement grants the USAGE privilege
on a workload.
Invocation
This statement can be embedded
in an application program or issued through the use of dynamic SQL
statements. It is an executable statement that can be dynamically
prepared only if DYNAMICRULES run behavior is in effect for the package
(SQLSTATE 42509).
Authorization
The privileges
held by the authorization ID of the statement must include ACCESSCTRL,
SECADM, or WLMADM authority.
Syntax
>>-GRANT--USAGE--ON--WORKLOAD--workload-name-------------------->
.-,---------------------------------.
V |
>--TO----+-+-------+--authorization-name-+-+-------------------><
| +-USER--+ |
| +-GROUP-+ |
| '-ROLE--' |
'-PUBLIC------------------------'
Description
- USAGE
- Grants the privilege to use a workload. Units of work that are
submitted by a user will only be mapped to a workload on which the
user has USAGE privilege. A user with SYSADM or DBADM authority automatically
has USAGE privilege on any workload that exists at the current server.
- ON WORKLOAD workload-name
- Identifies the workload on which the USAGE privilege is to be
granted. This is a one-part name. The workload-name must
identify a workload that exists at the current server (SQLSTATE 42704).
The name cannot be 'SYSDEFAULTADMWORKLOAD' (SQLSTATE 42832).
- TO
- Specifies to whom the USAGE privilege is granted.
- USER
- Specifies that the authorization-name identifies
a user.
- GROUP
- Specifies that the authorization-name identifies
a group.
- ROLE
- Specifies that the authorization-name identifies
an existing role at the current server (SQLSTATE 42704).
- authorization-name,...
- Lists the authorization IDs of one or more users, groups, or roles.
The list of authorization IDs cannot include the authorization ID
of the user issuing the statement (SQLSTATE 42502).
- PUBLIC
- Grants the USAGE privilege to a set of users (authorization IDs).
For more information, see "Authorization, privileges, and object
ownership".
Rules
- For each authorization-name specified, if
none of the keywords USER, GROUP, or ROLE is specified:
- If the security plug-in in effect for the instance cannot determine
the status of the authorization-name, an error
is returned (SQLSTATE 56092).
- If the authorization-name is defined as ROLE
in the database and as either GROUP or USER in the operating system,
an error is returned (SQLSTATE 56092).
- If the authorization-name is defined as both
USER and GROUP according to the security plug-in in effect,
an error is returned (SQLSTATE 56092).
- If the authorization-name is defined as USER
only according to the security plug-in in effect, or if it
is undefined, USER is assumed.
- If the authorization-name is defined as GROUP
only according to the security plug-in in effect, GROUP is
assumed.
- If the authorization-name is defined in the
database as ROLE only, ROLE is assumed.
Notes
- The GRANT statement does not take effect until it is committed,
even for the connection that issues the statement.
- If the database is created with the RESTRICT option, the USAGE
privilege of the default user workload, SYSDEFAULTUSERWORKLOAD, must
be granted explicitly by a user that has DBADM authority. If the database
is created without the RESTRICT option, the USAGE privilege of SYSDEFAULTUSERWORKLOAD
is granted to PUBLIC at database creation time.
Example
Grant user LISA the ability to
use the workload CAMPAIGN.
GRANT USAGE ON WORKLOAD CAMPAIGN TO USER LISA