DB2 10.5 for Linux, UNIX, and Windows

GRANT (role) statement

This form of the GRANT statement grants roles to users, groups, or to other roles.

Invocation

This statement can be embedded in an application program or issued through the use of dynamic SQL statements. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is in effect for the package (SQLSTATE 42509).

Authorization

The privileges held by the authorization ID of the statement must include at least one of the following authorities:
  • The WITH ADMIN OPTION on the role
  • SECADM authority
SECADM authority is required to grant the WITH ADMIN OPTION to an authorization-name.

Syntax

Read syntax diagramSkip visual syntax diagram
                    .-,---------.   
          .-ROLE-.  V           |   
>>-GRANT--+------+----role-name-+------------------------------->

       .-,---------------------------------.   
       V                                   |   
>--TO----+-+-------+--authorization-name-+-+-------------------->
         | +-USER--+                     |     
         | +-GROUP-+                     |     
         | '-ROLE--'                     |     
         '-PUBLIC------------------------'     

>--+-------------------+---------------------------------------><
   '-WITH ADMIN OPTION-'   

Description

ROLE role-name,...
Identifies one or more roles to be granted. Each role-name must identify an existing role at the current server (SQLSTATE 42704).
TO
Specifies to whom the role is granted.
USER
Specifies that the authorization-name identifies a user.
GROUP
Specifies that the authorization-name identifies a group.
ROLE
Specifies that the authorization-name identifies an existing role at the current server (SQLSTATE 42704).
authorization-name,...
Lists the authorization IDs of one or more users, groups, or roles. The list of authorization IDs cannot include the authorization ID of the user issuing the statement (SQLSTATE 42502).
PUBLIC
Grants the specified roles to a set of users (authorization IDs).
WITH ADMIN OPTION
Allows the specified authorization-name to grant or revoke the role-name to or from others, or to associate a comment with the role. It does not allow the specified authorization-name to drop the role.

Rules

Notes

Examples