Security Administration Options

In conjunction with the REVOKE statement, the GRANT statement supports the discretionary access control (DAC) data security feature of Informix® by specifying which users or roles hold privileges that are required to access the database or objects within the database.

The Security Administration Options of the GRANT statement, like their counterparts for the REVOKE statement, support an additional set of data security features, called label-based access control (LBAC). These features enable Informix to allow or withhold access to protected data on the basis of comparing a row security label or column security label that is contained in the data object to the user security label and other credentials that have been granted to the user who is seeking access.

Security Administration Options

                         (1)           
|--+-| DBSECADM Clause |-----------+----------------------------|
   |                      (2)      |   
   +-| EXEMPTION Clause |----------+   
   |                           (3) |   
   +-| SECURITY LABEL Clause |-----+   
   |                           (4) |   
   '-| SETSESSIONAUTH Clause |-----'   

Notes:
  1. See DBSECADM Clause
  2. See EXEMPTION Clause
  3. See SECURITY LABEL Clause
  4. See SETSESSIONAUTH Clause

Use of these GRANT statement security administration options is restricted:
  • Only the Database Server Administrator (DBSA), by default user informix, or (on UNIX) a member of the DBSA group, or (on Windows) a member of the Informix-Admin group, can use the GRANT DBSECADM statement to grant the DBSECADM role.
  • Only a user who holds the DBSECADM role can issue the GRANT EXEMPTION, GRANT SECURITY LABEL, or GRANT SETSESSIONAUTH statements, or the corresponding REVOKE statements.
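The two-tier restriction above, written out as the statements each party would issue. This is an added example, not part of the original page; the user names (secadm1, analyst1, loader1, appsvc, batchuser), the policy name corp_policy, and the label name confidential are constructed, and the policy and label are assumed to exist already.

```sql
-- Step 1: issued by the DBSA (by default user informix).
-- Only the DBSA can confer the DBSECADM role.
GRANT DBSECADM TO secadm1;

-- Step 2: issued by secadm1, who now holds DBSECADM.
-- Each statement below fails for a user who does not hold that role.

-- Give analyst1 a user security label under the policy, for read and write.
GRANT SECURITY LABEL corp_policy.confidential TO analyst1 FOR ALL ACCESS;

-- Give loader1 the same label for reads only.
GRANT SECURITY LABEL corp_policy.confidential TO loader1 FOR READ ACCESS;

-- Exempt loader1 from one rule of the policy instead of using ON ALL,
-- so the exemption covers only the comparison it has to bypass.
GRANT EXEMPTION ON IDSLBACWRITEARRAY WRITEDOWN FOR corp_policy TO loader1;

-- Let appsvc assume the identity of one named user.
-- ON PUBLIC would allow it to assume any user's identity.
GRANT SETSESSIONAUTH ON batchuser TO appsvc;

-- The corresponding REVOKE statements are also restricted to DBSECADM.
REVOKE EXEMPTION ON IDSLBACWRITEARRAY WRITEDOWN FOR corp_policy FROM loader1;
REVOKE SETSESSIONAUTH ON batchuser FROM appsvc;
REVOKE SECURITY LABEL corp_policy.confidential FROM loader1;

-- Step 3: issued by the DBSA again.
-- Withdrawing the role ends secadm1's ability to issue the grants above.
REVOKE DBSECADM FROM secadm1;
```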