Security Administration Options

In conjunction with the REVOKE statement, the GRANT statement supports the discretionary access control (DAC) data security feature of Informix® by specifying which users or roles hold privileges that are required to access the database or objects within the database.

The Security Administration Options of the GRANT statement, like their counterparts for the REVOKE statement, support an additional set of data security features, called label-based access control (LBAC). These features enable Informix® to allow or withhold access to protected data on the basis of a comparing a row security label or column security label that is contained in the data object to the user security label and other credentials that have been granted to the user who is seeking access.

(explicit id sao002) sao002 (explicit id sao003) sao003 (explicit id sao004) sao004 (explicit id sao005) sao005 (explicit id sao006) sao006
Use of these GRANT statement security administration options is restricted:
  • Only the Database Server Administrator (DBSA), by default user informix, or (on UNIX) a member of the DBSA group, or (on Windows) a member of the Informix-Admin group, can use the GRANT DBSECADM statement to grant the DBSECADM role.
  • Only a user who holds the DBSECADM role can issue the GRANT EXEMPTION, GRANT SECURITY LABEL, or GRANT SETSESSIONAUTH statements, or the corresponding REVOKE statements.
1 Informix® extension