GRANT (package privileges)
This form of the GRANT statement grants privileges on packages.
Syntax
>>-GRANT--+-ALL-----------------+--ON--PACKAGE------------------> | .-,---------------. | | V | | '---+-BIND--------+-+-' +-COPY--------+ '-+-EXECUTE-+-' '-RUN-----' .-,-------------------------------. V | >----collection-id.-+-package-name-+-+--------------------------> '-*------------' .-,----------------------. V | >--TO----+-authorization-name-+-+--+-------------------+------->< +-ROLE--role-name----+ '-WITH GRANT OPTION-' '-PUBLIC-------------'
Description
- BIND
- Grants
the privilege to use the BIND and REBIND subcommands for the designated
packages.
The BIND package privilege can also be used to allow a user to add a new version of an existing package. For details on the authorization required to create new packages and new versions of existing packages, see Notes.
- COPY
- Grants the privilege to use the COPY option of the BIND subcommand for the designated packages.
- EXECUTE
- Grants the privilege to run application programs that use the designated packages and to specify the packages following PKLIST for the BIND PLAN and REBIND PLAN commands. RUN is an alternate name for the same privilege.
- ALL
- Grants all package privileges for which you have GRANT authority for the packages named in the ON clause.
- ON PACKAGE collection-id.package-name,...
- Identifies
packages for which you are granting privileges. The granting of a
package privilege applies to all versions of a package. The list can
simultaneously contain items of the following two forms:
- collection-id.package-name explicitly identifies a single package. The name must identify a package that exists at the current server.
- collection-id.* applies to every package
in the indicated collection. This includes packages that currently
exist and future packages. The grant applies to a collection at the
current server, but the collection-id does
not have to identify a collection that exists when the grant is made.
To grant a privilege in this form requires PACKADM with the WITH GRANT OPTION over the collection or all collections, SYSADM, or SYSCTRL authority. Because of this fact, WITH GRANT OPTION, if included in the statement, is ignored for grants of this form, but not for grants for specific packages.
- TO
- Refer to GRANT for a description of the TO clause.
- WITH GRANT OPTION
- Refer to GRANT for a description of the WITH GRANT OPTION clause.
Notes
The authorization required to add a new package or a new version of an existing package depends on the value of field BIND NEW PACKAGE on installation panel DSNTIPP. The default value is BINDADD.
If the value of BIND NEW PACKAGE is BINDADD, the owner must have one of the following to add a new package or a new version of an existing package to a collection:
- The BINDADD system privilege and either the CREATE IN privilege or PACKADM authority for the collection or for all collections
- SYSADM or SYSCTRL authority
If the value of BIND NEW PACKAGE is BIND, the owner must have one of the following to add a new package or a new version of an existing package to a collection:
- The BINDADD system privilege and either the CREATE IN privilege or PACKADM authority for the collection or for all collections
- SYSADM or SYSCTRL authority
- PACKADM authority for the collection or for all collections
- Users with the BIND package privilege can also add a new version of an existing package
Alternative syntax and synonyms: To provide compatibility with previous releases of DB2 or other products in the DB2 family, DB2 supports specifying PROGRAM as a synonym for PACKAGE.
Examples
GRANT COPY ON PACKAGE DSN8CC61.* TO LEWIS;
GRANT ALL ON PACKAGE CLCT1.PKG1, CLCT2.PKG2 TO JONES;
GRANT EXECUTE ON PACKAGE DSN9CC13.* TO ROLE ROLE1;