Schema access control authority (ACCESSCTRL)

Schema ACCESSCTRL authority allows users to grant and revoke privileges on objects within a specific schema and on the schema itself. Schema ACCESSCTRL authority has no inherent privilege to access data stored in any tables or views.

Schema ACCESSCTRL authority can be granted or revoked only by a user holding database SECADM or database ACCESSCTRL authority. A user with schema ACCESSCTRL authority cannot grant the authority to, or revoke it from, other users. The authority can be granted to a user, a group, or a role. However, it cannot be granted with the grant option, and it cannot be granted on any schema whose name begins with "SYS". Additionally, PUBLIC cannot obtain schema ACCESSCTRL authority, either directly or indirectly through a role.

Schema ACCESSCTRL authority gives a user the ability to perform the following operations:

  • Grant and revoke the following schema authorities and privileges:
    • SCHEMAADM
    • Schema DATAACCESS
    • Schema LOAD
    • CREATEIN
    • ALTERIN
    • DROPIN
    • SELECTIN
    • INSERTIN
    • UPDATEIN
    • DELETEIN
    • EXECUTEIN
  • Grant and revoke all privileges on the following objects defined in a schema:
    • Global Variable
    • Index
    • Nickname
    • Package
    • Routine (except audit routines)
    • Sequence
    • Table
    • View
    • XSR Objects

Schema ACCESSCTRL authority is a subset of database ACCESSCTRL authority, with its scope limited to the schema on which it is granted.
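The following SQL is an added example, not part of the original documentation. It delegates schema ACCESSCTRL through a role, shows what the holder can and cannot do under the rules above, and audits who holds the authority. The schema PAYROLL, table PAYROLL.EMPLOYEE, schema HR, role PAYROLL_SEC and users ALICE and BOB are hypothetical, and the ACCESSCTRLAUTH column of SYSCAT.SCHEMAAUTH is assumed from Db2 releases that support schema-level authorities.

```sql
-- Run as a user holding database SECADM authority.
-- All object, role and user names below are hypothetical.
CREATE ROLE PAYROLL_SEC;
GRANT ACCESSCTRL ON SCHEMA PAYROLL TO ROLE PAYROLL_SEC;
GRANT ROLE PAYROLL_SEC TO USER ALICE;

-- Run as ALICE: she can manage privileges inside PAYROLL.
GRANT SELECTIN ON SCHEMA PAYROLL TO USER BOB;
GRANT UPDATE ON TABLE PAYROLL.EMPLOYEE TO USER BOB;
REVOKE UPDATE ON TABLE PAYROLL.EMPLOYEE FROM USER BOB;

-- Still as ALICE (assuming she holds no other privileges),
-- each of these is expected to be rejected:
--   SELECT * FROM PAYROLL.EMPLOYEE;
--     schema ACCESSCTRL carries no inherent access to data
--   GRANT ACCESSCTRL ON SCHEMA PAYROLL TO USER BOB;
--     a holder cannot pass the authority on to other users
--   GRANT SELECTIN ON SCHEMA HR TO USER BOB;
--     the authority is scoped to the schema it was granted on

-- Audit (assumed catalog column ACCESSCTRLAUTH): list every holder
-- of schema ACCESSCTRL. Holders can grant SCHEMAADM and schema
-- DATAACCESS, so review this list like any other privileged grant.
-- GRANTEETYPE is U (user), G (group) or R (role).
SELECT SCHEMANAME, GRANTEE, GRANTEETYPE, GRANTOR
  FROM SYSCAT.SCHEMAAUTH
 WHERE ACCESSCTRLAUTH = 'Y'
 ORDER BY SCHEMANAME, GRANTEE;

-- Run as SECADM: withdraw the delegation when it is no longer needed.
REVOKE ACCESSCTRL ON SCHEMA PAYROLL FROM ROLE PAYROLL_SEC;
```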