GRANT (table or view privileges)

This form of the GRANT statement grants privileges on tables and views.

Syntax

Read syntax diagram
                 .-PRIVILEGES-.                             
>>-GRANT--+-ALL--+------------+-------------------------+------->
          | .-,---------------------------------------. |   
          | V                                         | |   
          '---+-ALTER-------------------------------+-+-'   
              +-DELETE------------------------------+       
              +-INDEX-------------------------------+       
              +-INSERT------------------------------+       
              +-REFERENCES--+---------------------+-+       
              |             |   .-,-----------.   | |       
              |             |   V             |   | |       
              |             '-(---column-name-+-)-' |       
              +-SELECT------------------------------+       
              +-TRIGGER-----------------------------+       
              '-UPDATE--+---------------------+-----'       
                        |   .-,-----------.   |             
                        |   V             |   |             
                        '-(---column-name-+-)-'             

                  .-,--------------.   
       .-TABLE-.  V                |   
>--ON--+-------+----+-table-name-+-+---------------------------->
                    '-view-name--'     

       .-,----------------------.                          
       V                        |                          
>--TO----+-authorization-name-+-+--+-------------------+-------><
         +-ROLE--role-name----+    '-WITH GRANT OPTION-'   
         '-PUBLIC-------------'                            

Description

ALL or ALL PRIVILEGES
Grants all table or view privileges for which you have GRANT authority, for the tables and views named in the ON clause.

If you do not use ALL, you must use one or more of the keywords in the following list. For each keyword that you use, you must have GRANT authority for that privilege on every table or view identified in the ON clause.

ALTER
Grants the privilege to alter the specified table or create a trigger on the specified table. ALTER cannot be used if the statement identifies an auxiliary table or a view.
DELETE
Grants the privilege to delete rows in the specified table or view. DELETE cannot be granted on an auxiliary table.
INDEX
Grants the privilege to create an index on the specified table. INDEX cannot be granted on a view.
INSERT
Grants the privilege to insert rows into the specified table or view. INSERT cannot be granted on an auxiliary table.
REFERENCES
Grants the privilege to add a referential constraint in which the specified table is a parent. If a list of column names is not specified or if REFERENCES is granted via the specification of ALL PRIVILEGES, the grantee can define referential constraints using all columns of the table as a parent key, even those added later via the ALTER TABLE statement. This privilege cannot be granted on a view or auxiliary table.
REFERENCES(column-name,...)
Grants the privilege to add or drop a referential constraint in which the specified table is a parent using only those columns that are specified in the column list as a parent key. Each column-name must be an unqualified name that identifies a column of the table identified in the ON clause. This privilege cannot be granted on a view or auxiliary table.
SELECT
Grants the privilege to create a view or read data from the specified table or view. SELECT cannot be granted on an auxiliary table.
TRIGGER
Grants the privilege to create a trigger on the specified table. TRIGGER cannot be granted on an auxiliary table or a view.
UPDATE
Grants the privilege to update rows in the specified table or view. UPDATE cannot be granted on an auxiliary table.
UPDATE(column-name,...)
Grants the privilege to update only the columns named. Each column-name must be the unqualified name of a column of every table or view identified in the ON clause. Each column-name must not identify a column of an auxiliary table.
ON table-name or view-name
Specifies the tables or views on which you are granting the privileges. The list can be a list of table names or view names, or a combination of the two. A declared temporary table and a table that is implicitly created for an XML column must not be identified.

If you use GRANT ALL, then for each named table or view, the privilege set (described in "Authorization" in GRANT) must include at least one privilege with the GRANT option.

TO
Refer to GRANT for a description of the TO clause.
WITH GRANT OPTION
Refer to GRANT for a description of the WITH GRANT OPTION clause.

Notes

The REFERENCES privilege does not replace the ALTER privilege. It was added to conform to the SQL standard. To define a foreign key that references a parent table, you must have either the REFERENCES or the ALTER privilege, or both.

Start of changeFor a created temporary table, only ALL or ALL PRIVILEGES can be granted. Specific table privileges cannot be granted. In addition, only the ALTER, DELETE, INSERT, and SELECT privileges apply to a created temporary table.End of change

Start of changeFor a view of a created temporary table, either ALL or the specific UPDATE, DELETE, INSERT and SELECT privileges can be granted. When ALL is specified only the UPDATE, DELETE, INSERT, and SELECT privileges apply to a view on created temporary table. However, the UPDATE operation of the view is not allowed.End of change

To grant table privileges on a created temporary table, the privilege set must include one of the following:

  • SYSADM
  • DBADM on DSNDB06
  • Ownership of the created temporary table

To grant table privileges on a view of a created temporary table, the privilege set must include one of the following:

  • SYSADM
  • ownership of the created temporary table

For a declared temporary table, no privileges can be granted. When a declared temporary table is defined, PUBLIC implicitly receives all table privileges (without GRANT authority) for the table. These privileges are not recorded in the DB2 catalog, and they cannot be revoked.

For an auxiliary table, only the INDEX privilege can be granted. DELETE, INSERT, SELECT, and UPDATE privileges on the base table that is associated with the auxiliary table extend to the auxiliary table.

  • ALTER
  • INDEX
  • REFERENCES
  • TRIGGER

Examples

Example 1: Grant SELECT privileges on table DSN8A10.EMP to user PULASKI.
   GRANT SELECT ON DSN8A10.EMP TO PULASKI;
Example 2: Grant UPDATE privileges on columns EMPNO and WORKDEPT in table DSN8A10.EMP to all users at the current server.
   GRANT UPDATE (EMPNO,WORKDEPT) ON TABLE DSN8A10.EMP TO PUBLIC;
Example 3: Grant all privileges on table DSN8A10.EMP to users KWAN and THOMPSON, with the WITH GRANT OPTION.
   GRANT ALL ON TABLE DSN8A10.EMP TO KWAN,THOMPSON WITH GRANT OPTION;
Example 4: Grant the SELECT and UPDATE privileges on the table DSN8A10.DEPT to every user in the network.
   GRANT SELECT, UPDATE ON TABLE DSN8A10.DEPT
     TO PUBLIC;

Even with this grant, it is possible that some network users do not have access to the table at all, or to any other object at the subsystem where the table exists. Controlling access to the subsystem involves the communications databases at the subsystems in the network. The tables for the communication databases are described in DB2 catalog tables. Controlling access is described in DB2 Administration Guide.

Example 5: Grant ALTER privileges on table DSN9910.EMP to role ROLE1:
   GRANT ALTER ON TABLE DSN9910.EMP TO ROLE ROLE1;