GRANT Access Module Execution Privilege

Gives one or more users or groups the privilege of executing a specified access module.
idms19
Gives one or more users or groups the privilege of executing a specified access module.
GRANT Access Module Execution Privilege Authorization
To grant access module execution privilege, one of the following must be true:
  • You hold grantable execution privilege on the access module (you can grant execution privilege, but you cannot specify WITH GRANT OPTION).
  • You own the schema with which the access module is associated.
  • You hold DBADMIN privilege on the dictionary that contains the access module.
  • You hold SYSADMIN privilege.
You must be connected to the application dictionary that contains the access module when you issue the statement.
GRANT Access Module Execution Privilege Syntax
►►─── GRANT EXECUTE ──────────────────────────────────────────────────────────►    ►─── ON ACCESS MODULE ─┬────────────────┬─ 
access-module-name
 ───────────────►                         └─ 
schema-name
. ─┘             ┌─────────────── , ──────────────┐  ►─── TO ─▼─┬─ PUBLIC ───────────────────┬─┴──────────────────────────────────►             └─ 
authorization-identifier
 ─┘    ►─┬─────────────────────┬────────────────────────────────────────────────────►◄    └─ WITH GRANT OPTION ─┘
GRANT Access Module Execution Privilege Parameters
 
  • ON ACCESS MODULE
    access-module-name
    Identifies the access module to which the EXECUTE privilege applies.
    You can wildcard
    access-module-name
    . If you specify
    schema-name
    , the wildcard character is valid after the period following
    schema-name
    .
    For more information, see Using a Wildcard.
  • TO
    Identifies the users or groups to whom you are giving EXECUTE privilege.
  • PUBLIC
    Specifies all users.
  • authorization-identifier
    Identifies a user or group.
  • WITH GRANT OPTION
    Gives the privilege of granting EXECUTE privilege on the named access module to the users identified in the TO parameter.
    A privilege granted with the WITH GRANT OPTION is called a grantable privilege.
GRANT Access Module Execution Privilege Usage
CA IDMS Internal Security Enforcement
When executing an access module in a database for which CA IDMS internal security is in effect, the
owner
of the access module must either hold the applicable privileges on the table-like objects named in the SQL statements in the module, or own the table-like objects. You own the access module if you own the schema associated with the access module.
For a user who is
not
the owner to execute an access module, these conditions must be satisfied:
  • The user must hold execution privilege on the access module.
  • The owner must either hold the applicable
    grantable
    privileges on the table-like objects named in the SQL statements in the module, or own the table-like objects.
These rules allow you to restrict a user's means of accessing data to application programs. If you grant table access privileges, the user can also access data through the Command Facility.
External Security
When executing an access module in a database for which external security is in effect, the user, regardless of ownership, must hold the applicable privileges on
all
tables accessed by SQL statements in the module, whether accessed directly or indirectly through a view.
Granting Execution Privilege
The following GRANT statement gives execution privilege on all access modules associated with schema HR that begin with 'EMP' to the groups PER_GRP_1 and PER_GRP_2:
grant execute    on access module hr.emp*    to per_grp_1, per_grp_2;
GRANT Access Module Execution Privilege More Information
For more information
about revoking execution privilege
, see REVOKE Access Module Execution Privilege.