To grant privileges on most database
objects, you must have ACCESSCTRL authority, SECADM authority, or
CONTROL privilege on that object; or, you must hold the privilege
WITH GRANT OPTION. Additionally, users with SYSADM or SYSCTRL authority
can grant table space privileges. You can grant privileges only on
existing objects.
About this task
To grant CONTROL privilege to someone else, you must have
ACCESSCTRL or SECADM authority. To grant ACCESSCTRL, DATAACCESS, DBADM
or SECADM authority, you must have SECADM authority.
The GRANT
statement allows an authorized user to grant privileges. A privilege
can be granted to one or more authorization names in one statement;
or to PUBLIC, which makes the privileges available to all users. Note
that an authorization name can be either an individual user or a group.
On operating systems where users and groups exist
with the same name, you should specify whether you are granting the
privilege to the user or group. Both the GRANT and REVOKE statements
support the keywords USER, GROUP, and ROLE. If these optional keywords
are not used, the database manager checks the operating system security
facility to determine whether the authorization name identifies a
user or a group; it also checks whether an authorization ID of type
role with the same name exists. If the database manager cannot determine
whether the authorization name refers to a user, a group, or a role,
an error is returned. The following example grants SELECT privileges
on the EMPLOYEE table to the user HERON:
GRANT SELECT
ON EMPLOYEE TO USER HERON
The following example
grants SELECT privileges on the EMPLOYEE table to the group HERON:
GRANT SELECT
ON EMPLOYEE TO GROUP HERON
DB2 10.5 for Linux, UNIX, and Windows