REVOKE ACCESS Module Execution Privilege

The REVOKE Execution Privilege authorization statement removes the permission of executing a specified access module, from one or more users or groups. REVOKE Execution Privilege is a CA IDMS extension of the SQL standard.
idmscu19
The REVOKE Execution Privilege authorization statement removes the permission of executing a specified access module, from one or more users or groups. REVOKE Execution Privilege is a CA IDMS extension of the SQL standard.
Authorization
You must own the schema associated with the access module, hold GRANT privilege on the access module, or hold DBADMIN privilege on the dictionary that contains the access module.
Syntax
  ►►─── REVOKE EXECUTE ─────────────────────────────────────────────────────────►  ►─── ON ACCESS MODULE ─┬────────────────┬─ 
access-module-name
 ───────────────►                         └─ 
schema-name
. ─┘             ┌─────────────── , ──────────────┐  ►─── FROM ─▼─┬─ PUBLIC ───────────────────┬─┴────────────────────────────────►◄               └─ 
authorization-identifier
 ─┘  
Parameters
  • ON ACCESS MODULE
    access-module-name
    Specifies the access module to which the EXECUTE privilege applies.
    • schema-name
      Identifies the schema associated with
      access-module-name
      . If you do not specify
      schema-name
      , it defaults to the current schema in effect for your SQL session.
  • FROM
    Identifies the users from whom you are removing the EXECUTE privilege.
  • PUBLIC
    Specifies all users.
    The privilege must previously have been granted to PUBLIC.
  • authorization-identifier
    Identifies a user or group.
    The privilege must previously have been granted to
    authorization-identifier
    . For expanded
    authorization-identifier
    syntax, see Expansion of Authorization-identifier.
Usage
Revoking Privileges
A user can hold a privilege on a resource through multiple resource names (for example, through the use of wildcards) or through multiple authorization identifiers (for example, through two different group identifiers). A REVOKE statement revokes the privileges specified in the statement only on the specified resource name and only from the specified authorization identifier.
For example, suppose:
  • User PKB is in the group SALES_ADMIN
  • PKB has been granted the EXECUTE privilege on the access module name SALES_SCH.SALESFCT
  • SALES_ADMIN has been granted the EXECUTE privilege on all access module named SALES_SCH.SALES* where * is a wildcard character
You can revoke the EXECUTE privilege on SALESFCT from the user identifier PKB. However, PKB can still execute an access module by that name in the SALES_SCH schema because PKB is a member of SALES_ADMIN.
Example
Revoking the EXECUTE Privilege
The following REVOKE EXECUTE statement removes the EXECUTE privilege on all access modules associated with schema HR that begin with 'EMP' from the users in group PER_GRP_2:
revoke execute    on access module hr.emp*    from per_grp_2;
More Information