DATAACCESS is the authority that allows access to data
within a specific database.
DATAACCESS authority can be granted only by the security administrator
(who holds SECADM authority). It can be granted to a user, a group,
or a role. PUBLIC cannot obtain the DATAACCESS authority either directly
or indirectly.
For all tables, views, materialized query tables, and nicknames
it gives these authorities and privileges:
- LOAD authority on the database
- SELECT privilege (including system catalog tables and views)
- INSERT privilege
- UPDATE privilege
- DELETE privilege
In addition, DATAACCESS authority provides the following privileges:
- EXECUTE on all packages
- EXECUTE on all routines (except audit routines, the SET_MAINT_MODE_RECORD_NO_TEMPORALHISTORY
procedure, the ADMIN_SET_MAINT_MODE procedure, and the encryption
related routines ADMIN_ROTATE_MASTER_KEY and ADMIN_GET_ENCRYPTION_INFO)
- EXECUTE on all modules
- READ on all global variables and WRITE on all global
variables except variables which are read-only
- USAGE on all XSR objects
- USAGE on all sequences