GRANT Area Access Privileges

Gives one or more users or groups access to an area of the database.
idms
Gives one or more users or groups access to an area of the database.
GRANT Area Access Privileges Authorization
To grant an area access privilege, you must hold one of these privileges:
  • The grantable area access privilege on the area (you can grant the privilege, but you cannot specify WITH GRANT OPTION)
  • DBADMIN on DB
    segment-name
  • SYSADMIN
You must be connected to the system dictionary when you issue the statement.
GRANT Area Access Privileges Syntax
             ┌────── , ───────┐ ►►─── GRANT ─▼─┬─ DBAREAD ──┬─┴───────────────────────────────────────────────►                ├─ DBAWRITE ─┤                └─ USE ──────┘    ►─── ON AREA 
segment-name
.
area-name
 ─────────────────────────────────────────►             ┌─────────────── , ──────────────┐  ►─── TO ─▼─┬─ PUBLIC ───────────────────┬─┴──────────────────────────────────►             └─ 
authorization-identifier
 ─┘    ►─┬─────────────────────┬────────────────────────────────────────────────────►◄    └─ WITH GRANT OPTION ─┘
GRANT Area Access Privileges Parameters
 
  • DBAREAD
    Specifies that you are giving DBAREAD privilege on the area identified in the ON parameter to the users or groups specified in the TO parameter.
    A user with DBAREAD privilege can execute database utilities that perform read-only functions in the specified area.
  • DBAWRITE
    Specifies that you are giving DBAWRITE privilege on the area identified in the ON parameter to the users or groups specified in the TO parameter.
    A user with DBAWRITE privilege can execute database utilities that perform read-write functions in the specified area.
    DBAWRITE privilege does
    not
    imply DBAREAD privilege. You must give both privileges to users or groups who need to execute all utilities.
  • USE
    Specifies that you are giving USE privilege on the area identified in the ON parameter to the users or groups specified in the TO parameter.
    A user with USE privilege can create an SQL table or index in the specified area.
  • ON AREA
    segment-name
    .
    area-name
    Identifies the area to which the specified area access privileges apply.
    You can wildcard
    area-name
    . You cannot wildcard
    segment-name
    . The wildcard character is valid after the period following
    segment-name
    .
    For more information on wildcarding, see Using a Wildcard.
  • TO
    Specifies the users or groups to whom you are giving area access privileges.
  • PUBLIC
    Specifies all users.
  • authorization-identifier
    Identifies a user or group.
    Expanded syntax for
    authorization-identifier
    is presented in Notes on Security Statement Syntax.
  • WITH GRANT OPTION
    Gives the privilege of granting the specified area access privileges to the users or groups identified in the TO parameter. Only a user with DBADMIN privilege on
    segment-name
    or with SYSADMIN privilege can specify WITH GRANT OPTION.
    A privilege granted with the WITH GRANT OPTION is called a grantable privilege.
Granting All Area Access Privileges
The following statement grants all area access privileges to the specified users:
on area gl."account-area" to matt, alex;
GRANT Area Access Privileges More Information
For more information on revoking the privilege to access an area, see REVOKE Area Access Privileges.