GRANT (type privileges)

This form of the GRANT statement grants privileges on a type.

Invocation

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared.

Authorization

The privileges held by the authorization ID of the statement must include at least one of the following:

  • For each distinct type or array type identified in the statement:
    • Every privilege specified in the statement
    • The system authority of *OBJMGT on the type
    • The system authority *EXECUTE on the library containing the type
  • Start of changeDatabase administrator authorityEnd of change
  • Start of changeSecurity administrator authorityEnd of change

If WITH GRANT OPTION is specified, the privileges held by the authorization ID of the statement must include at least one of the following:

  • Ownership of the type
  • Start of changeDatabase administrator authorityEnd of change
  • Start of changeSecurity administrator authorityEnd of change

Syntax

Read syntax diagramSkip visual syntax diagramGRANTALLPRIVILEGES,ALTERUSAGEON TYPE ,distinct-type-namearray-type-name TO,USERGROUPauthorization-namePUBLIC WITH GRANT OPTION

Description

ALL or ALL PRIVILEGES
Grants one or more privileges. The privileges granted are all those grantable privileges that the authorization ID of the statement has on the specified distinct types or array types. Note that granting ALL PRIVILEGES on a type is not the same as granting the system authority of *ALL.

If you do not use ALL, you must use one or more of the keywords listed below. Each keyword grants the privilege described.

ALTER
Grants the privilege to use the COMMENT and LABEL statement.
USAGE
Grants the privilege to use the type in tables, functions, procedures, or CAST expressions.
ON TYPE distinct-type-name or array-type-name
Identifies the distinct types or array types on which the privilege is granted. The distinct-type-name or array-type-name must identify a user-defined type that exists at the current server.
TO
Indicates to whom the privileges are granted.
Start of changeUSEREnd of change
Start of changeSpecifies that the authorization-name identifies a user profile. If USER is specified, authorization-name must be a user profile.End of change
Start of changeGROUPEnd of change
Start of changeSpecifies that the authorization-name identifies a group profile. If GROUP is specified, authorization-name must be a group profile.End of change
authorization-name,…
Lists one or more authorization IDs.
PUBLIC
Grants the privileges to a set of users (authorization IDs). For more information, see Authorization, privileges and object ownership.
WITH GRANT OPTION
Allows the specified authorization-names to grant privileges on the types specified in the ON clause to other users.

If WITH GRANT OPTION is omitted, the specified authorization-names cannot grant the USAGE privilege to others unless they have received that authority from some other source (for example, from a grant of the system authority *OBJMGT).

Notes

Corresponding System Authorities: GRANT and REVOKE statements assign and remove system authorities for SQL objects. The following table describes the system authorities that correspond to the SQL privileges:

Table 1. Privileges Granted to or Revoked from User-defined Types
SQL Privilege Corresponding System Authorities when Granting to or Revoking from a User-defined Type
ALL (Grant or revoke of ALL grants or revokes only those privileges the authorization ID of the statement has)
*OBJALTER
*OBJOPR
*EXECUTE
*OBJMGT (Revoke only)
ALTER *OBJALTER
USAGE
*EXECUTE
*OBJOPR
WITH GRANT OPTION *OBJMGT

Corresponding System Authorities When Checking Privileges to a User-defined Type: The following table describes the system authorities that correspond to the SQL privileges when checking privileges to a type. The left column lists the SQL privilege. The right column lists the equivalent system authorities.

Table 2. Corresponding System Authorities When Checking Privileges to a User-defined Type
SQL Privilege Corresponding System Authorities when Granting to or Revoking from a User-defined Type
ALTER *OBJALTER
USAGE
*EXECUTE and *OBJOPR

When USAGE privilege is required: USAGE privilege is required when a type is explicitly referenced in an SQL statement. For example, in a statement that contains a CAST specification or in a CREATE TABLE statement. The USAGE privilege is not required when a type is indirectly referenced. For example, when a view references a column of a table that has a distinct data type.

Syntax alternatives: The following keywords are synonyms supported for compatibility to prior releases. These keywords are non-standard and should not be used:

  • The keywords DATA TYPE or DISTINCT TYPE can be used as a synonym for TYPE.

Example

Grant the USAGE privilege on distinct type SHOE_SIZE to user JONES. This GRANT statement does not give JONES the privilege to execute the cast functions that are associated with the distinct type SHOE_SIZE. 

GRANT USAGE
  ON DISTINCT TYPE SHOE_SIZE
  TO JONES