GRANT Access Module Execution Privilege

The GRANT Access Module Execution Privilege authorization statement gives one or more users or groups the privilege of executing a specified access module. The GRANT EXECUTE statement is a CA IDMS extension of the SQL standard.
idmscu19
The GRANT Access Module Execution Privilege authorization statement gives one or more users or groups the privilege of executing a specified access module. The GRANT EXECUTE statement is a CA IDMS extension of the SQL standard.
This article describes the following information:
2
2
Authorization
To grant access module execution privilege, you must own the access module, hold grantable privilege on the access module, or hold DBADMIN privilege on the dictionary that contains the access module.
Syntax
  ►►─── GRANT EXECUTE ──────────────────────────────────────────────────────────►  ►─── ON ACCESS MODULE ─┬────────────────┬─ 
access-module-name
 ───────────────►                         └─ 
schema-name
. ─┘           ┌─────────────── , ──────────────┐  ►─── TO ─▼─┬─ PUBLIC ───────────────────┬─┴──────────────────────────────────►             └─ 
authorization-identifier
 ─┘  ►─┬─────────────────────┬────────────────────────────────────────────────────►◄    └─ WITH GRANT OPTION ─┘  
Parameters
  • ON ACCESS MODULE
    access-module-name
    Specifies the access module to which the EXECUTE privilege applies.
    • schema-name
      Identifies the schema associated with
      access-module-name
      .
      If you do not specify
      schema-name
      , it defaults to the current schema in effect for your SQL session.
  • TO
    Identifies the users to whom you are giving the EXECUTE privilege.
  • PUBLIC
    Specifies all users.
  • authorization-identifier
    Identifies a user or group. For expanded
    authorization-identifier
    syntax, see Expansion of Authorization-identifier.
  • WITH GRANT OPTION
    Gives the privilege of granting the EXECUTE privilege on the named access module to the users identified in the TO parameter. The owner of the resource, a holder of the applicable DBADMIN privilege, or a holder of SYSADMIN privilege can specify WITH GRANT OPTION
    A privilege granted with the WITH GRANT OPTION is called a grantable privilege.
Usage
Multiple Access Modules in One GRANT EXECUTE Statement
You can grant privileges on multiple access modules in a single GRANT statement by using an asterisk (*) as a wildcard character. A wildcard character represents one or more characters omitted from a string.
If used, the asterisk must be the last character in
access-module-name
. If
access-module-name
ends with an asterisk, the name represents all the access modules whose names match the pattern established.
For example, the access module name TST* in a GRANT EXECUTE statement represents all access modules whose names start with TST in the specified or current schema.
Duration of Privileges
Users hold the EXECUTE privilege granted on an access module until the privilege is explicitly taken away by means of the REVOKE Execution Privilege statement.
Privileges Granted to Groups
When you grant a privilege to a group, each user in the group holds the privilege. If you subsequently add a user to the group, that user also holds the privilege. If you drop a user from the group, that user longer holds the privilege.
Access Modules in Categories
Although you can grant the EXECUTE privilege on a specified access module, the more typical method is to grant the privilege on a category that includes multiple access modules. The use of categories for granting the EXECUTE privilege reduces overhead and provides better performance in a multiuser environment.
Executing an Access Module
To execute an access module, the
owner
of the access module must have the authority to execute all statements in the access module.
To execute an access module, a user other than the owner must:
  • Hold the EXECUTE privilege on the access module
  • If CA IDMS internal security is in effect, the owner of the access module must have the right to grant the privileges necessary to execute the SQL statements in the access module
  • If external security is in effect, the executing user must have the authority to execute statements in the access module
Example
Granting the EXECUTE Privilege
The following GRANT EXECUTE statement gives the EXECUTE privilege on all access modules in the HR schema that begin with EMP to the users in the groups PER_GRP_1 and PER_GRP_2:
grant execute    on access module hr.emp*    to per_grp_1, per_grp_2;
More Information