Privileges required for using dynamic SQL statements
An ID needs specific privileges to issue dynamic SQL statements.
| Operation | ID or role | Required privileges |
|---|---|---|
| GRANT | Current SQL ID or role | Any of the following
privileges:
|
| REVOKE | Current SQL ID or role | Must either have granted the privilege that is being revoked, or hold SYSCTRL or SYSADM authority. |
| CREATE, for unqualified object name | Current SQL ID or role | Applicable table, database, or schema privilege |
| Qualify name of object created | ID or role named as owner | Applicable table or database
privilege.  The qualifier
can be any ID at all and does not need to have any privilege if the
current SQL ID or the role (if in a trusted context with the ROLE
AS OBJECT OWNER AND QUALIFIER clause specified) has the SYSADM. system
DBADM, or SYSCTRL authority (wherever applicable) or the DBADM or
DBCTRL authority for the database (wherever applicable). |
| Other dynamic SQL if DYNAMICRULES uses run behavior | All primary IDs, role, secondary IDs, and the current SQL ID together | As required by the statement. Unqualified object names are qualified by the value of the special register CURRENT SQLID. |
| Other dynamic SQL if DYNAMICRULES uses bind behavior | Plan or package owner | As required by the statement. DYNAMICRULES behavior determines how unqualified object names are qualified. |
| Other dynamic SQL if DYNAMICRULES uses define behavior | Function or procedure owner | As required by the statement. DYNAMICRULES behavior determines how unqualified object names are qualified. |
| Other dynamic SQL if DYNAMICRULES uses invoke behavior | ID of the SQL statement that invoked the function or procedure or role | As required by the statement. DYNAMICRULES behavior determines how unqualified object names are qualified. |
