Security Administration Options
In conjunction with the REVOKE statement, the GRANT statement supports the discretionary access control (DAC) data security feature of Informix® by specifying which users or roles hold privileges that are required to access the database or objects within the database.
The Security Administration Options of the GRANT statement, like their counterparts for the REVOKE statement, support an additional set of data security features, called label-based access control (LBAC). These features enable Informix® to allow or withhold access to protected data on the basis of a comparing a row security label or column security label that is contained in the data object to the user security label and other credentials that have been granted to the user who is seeking access.
Security Administration Options
{ <DBSECADM Clause>[] | <EXEMPTION Clause>[] | <SECURITY LABEL Clause>[] | <SETSESSIONAUTH Clause>[] }
- Only the Database Server Administrator (DBSA), by default user informix, or (on UNIX™) a member of the DBSA group, or (on Windows™) a member of the Informix-Admin group, can use the GRANT DBSECADM statement to grant the DBSECADM role.
- Only a user who holds the DBSECADM role can issue the GRANT EXEMPTION, GRANT SECURITY LABEL, or GRANT SETSESSIONAUTH statements, or the corresponding REVOKE statements.