Security Administration Options

In conjunction with the REVOKE statement, the GRANT statement supports the discretionary access control (DAC) data security feature of HCL OneDB™ by specifying which users or roles hold privileges that are required to access the database or objects within the database.

The Security Administration Options of the GRANT statement, like their counterparts for the REVOKE statement, support an additional set of data security features, called label-based access control (LBAC). These features enable HCL OneDB to allow or withhold access to protected data on the basis of a comparing a row security label or column security label that is contained in the data object to the user security label and other credentials that have been granted to the user who is seeking access.

(1)
Security Administration Options

1  %DBSECADM Clause1
1  %EXEMPTION
Clause2
1  %SECURITY LABEL Clause3
1  %SETSESSIONAUTH
Clause4
Use of these GRANT statement security administration options is restricted:
  • Only the Database Server Administrator (DBSA), by default user informix, or (on UNIX™) a member of the DBSA group, or (on Windows™) a member of the Informix-Admin group, can use the GRANT DBSECADM statement to grant the DBSECADM role.
  • Only a user who holds the DBSECADM role can issue the GRANT EXEMPTION, GRANT SECURITY LABEL, or GRANT SETSESSIONAUTH statements, or the corresponding REVOKE statements.