DB2 Version 9.7 for Linux, UNIX, and Windows

Granting privileges

To grant privileges on most database objects, you must have ACCESSCTRL authority, SECADM authority, or CONTROL privilege on that object; or, you must hold the privilege WITH GRANT OPTION. Additionally, users with SYSADM or SYSCTRL authority can grant table space privileges. You can grant privileges only on existing objects.

About this task

To grant CONTROL privilege to someone else, you must have ACCESSCTRL or SECADM authority. To grant ACCESSCTRL, DATAACCESS, DBADM or SECADM authority, you must have SECADM authority.

The GRANT statement allows an authorized user to grant privileges. A privilege can be granted to one or more authorization names in one statement; or to PUBLIC, which makes the privileges available to all users. Note that an authorization name can be either an individual user or a group.

On operating systems where users and groups exist with the same name, you should specify whether you are granting the privilege to the user or group. Both the GRANT and REVOKE statements support the keywords USER, GROUP, and ROLE. If these optional keywords are not used, the database manager checks the operating system security facility to determine whether the authorization name identifies a user or a group; it also checks whether an authorization ID of type role with the same name exists. If the database manager cannot determine whether the authorization name refers to a user, a group, or a role, an error is returned. The following example grants SELECT privileges on the EMPLOYEE table to the user HERON:
     GRANT SELECT
      ON EMPLOYEE TO USER HERON
The following example grants SELECT privileges on the EMPLOYEE table to the group HERON: 
   GRANT SELECT
      ON EMPLOYEE TO GROUP HERON
In the Control Center, you can use the Schema Privileges notebook, the Table Space Privileges notebook, and the View Privileges notebook to grant and revoke privileges for these database objects. To open one of these notebooks, follow these steps:
  1. In the Control Center, expand the object tree until you find the folder containing the objects you want to work with, for example, the Views folder.
  2. Click the folder.

    Any existing database objects in this folder are displayed in the contents pane.

  3. Right-click the object of interest in the contents pane and select Privileges in the pop-up menu.

    The appropriate Privileges notebook opens.

Parent topic: Granting and revoking access
Related reference:
GRANT (database authorities) statement
GRANT (global variable privileges) statement
GRANT (index privileges) statement
GRANT (package privileges) statement
GRANT (routine privileges) statement
GRANT (schema privileges) statement
GRANT (sequence privileges) statement
GRANT (server privileges) statement
GRANT (SETSESSIONUSER privilege) statement
GRANT (table, view, or nickname privileges) statement
GRANT (table space privileges) statement
GRANT (workload privileges) statement
GRANT (XSR object privileges) statement