Similar to Oracle!
There are two types of privileges: database-level privileges (for all objects in the database) and Object-level privileges (associated with specific objects ).
Database-level privileges that users can possess:
- Createtab: You can create tables in the database.
- Bindadd: You can use the BIND command to create packages in the database.
- Connect: you can connect to the database.
- Create_not_fenced: You can create unfenced user-defined functions (udfs ).
- Implicit_schema: You can implicitly create a schema in a database without using the create schema command.
- Load: you can load data into a table.
- Quiesce_connect: You can access a database in the silent State.
- Create_external_routine: the process that can be used by other users who can create the application and database.
-
Privileged name |
Related objects |
Description |
Control |
Tables, views, indexes, packages, aliases, different types, user-defined functions, Sequences |
All permissions on objects are provided. Users with such privileges can also grant or revoke the privileges on objects to other users. |
Delete |
Tables and views |
Allows users to delete records from objects. |
Insert |
Tables and views |
Allows you to insert records into objects using the insert or import command. |
Select |
Tables and views |
Provides the ability to view object content using the selection statement. |
Update |
Tables and views |
You can use the update statement to modify records in an object. |
Alter |
Table |
You can use the change statement to change the object definition. |
Index |
Table |
You can use the index creation statement to create an index on an object. |
References |
Table |
Allows you to create or delete foreign key constraints on an object. |
Bind |
Package |
Allows you to rebind existing packages. |
Execute |
Packages, processes, functions, and methods |
Allows users to execute packages and routines. |
Alterin |
Mode |
Allows you to modify the object definition in the mode. |
Createin |
Mode |
Allows users to create objects in the mode. |
Dropin |
Mode |
Allows you to delete objects in the mode. |
Information about object-level privileges is stored in the system catalog view. View name issyscat.tabauth
,syscat.colauth
,syscat.indexauth
,syscat.schemaauth
,syscat.routineauth
Andsyscat.packageauth
.
It is also controlled through grant... to, revoke... from.
It is found that the select format in DB2 CLR is still good. It is not as long as Oracle sqlplus, but also requires typographical layout.
Implicit privilege
Generally, the Creator automatically has the corresponding permissions.
Indirect privilege
That is, you can obtain the corresponding object operation permission through the execution right of procedure.
Tag-Based Access Control lbac
Some configuration work is required, similar to Oracle, to control data to rows or columns.