Home | Previous Page | Next Page   Managing Databases > Granting and Limiting Access to Your Database > Granting Privileges >

Language-Level Privileges

Dynamic Server supports UDRs written in the built-in Stored Procedure Language (SPL) and also UDRs (referred to as external routines) that are written the C and Java languages. To create any UDR, a user must have RESOURCE privileges in the database. In addition, to create a UDR in the SPL language, a user must also hold the Usage privilege on the SPL language.

SPL Routines

By default, language usage privilege on SPL is are granted to user informix and to users who hold the DBA privilege. Only user informix, however, can grant language usage privileges to other users. Users with the DBA privilege hold language usage privileges, but cannot grant these privileges to other users. Usage privilege to create SPL routines is granted to PUBLIC by default.

The following statement shows how user informix might revoke from PUBLIC but grant to users mays, jones, and freeman permission to create UDRs in SPL: 

REVOKE USAGE ON LANGUAGE SPL FROM PUBLIC
GRANT USAGE ON LANGUAGE SPL TO mays, jones, freeman

Suppose the default Usage privileges on an SPL routine have been revoked from PUBLIC. The following statement shows how a user with the DBA privilege might grant Usage privilege to register SPL routines to users franklin, reeves, and wilson: 

GRANT USAGE ON LANGUAGE SPL TO franklin, reeves, wilson

External Routines

This release of Dynamic Server does not support language-level privileges on external routines that are written in the C or Java language. When the IFX_EXTEND_ROLE configuration parameter to ON, however, equivalent functionality is provided through the built-in EXTEND role, which is required for any user to registe, drop, or replace a UDR or a DataBlade module that is written in the C or Java language.

Only the Database Server Administrator (DBSA), by default user informix, can grant the EXTEND role. Unlike other roles, it is not necessary to activate the EXTEND role with the SET ROLE statement, nor to assign privileges to the EXTEND role with the GRANT statement. When this feature is enabled, however, only users who hold this role can create or drop an external UDR or a DataBlade module.

The DBSA also has the option of disabling this restriction by setting the IFX_EXTEND_ROLE configuration parameter to OFF, or to leave it unset. In this case, any user who holds the RESOURCE privilege on the database can create a UDR written in the C or Java language.

Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]