The Execute privilege enables users to invoke a routine. The routine might be invoked by the EXECUTE or CALL statements, or by using a function in an expression. The following users have a default Execute privilege, which enables them to invoke a routine:
Routines have the following GRANT and REVOKE requirements:
A DBA or the routine owner must explicitly grant the Execute privilege to non-DBA users for the following conditions:
An owner can restrict the Execute privilege on a routine even though the database server grants that privilege to public by default. To do this, issue the REVOKE EXECUTION ON PUBLIC statement. The DBA and owner can still execute the routine and can grant the Execute privilege to specific users, if applicable.
The following example demonstrates both limiting privileges for a function and its negator to one group of users. Suppose you create the following pair of negator functions:
CREATE FUNCTION greater(y PERCENT, z PERCENT) RETURNS BOOLEAN NEGATOR= less(y PERCENT, z PERCENT) . . . CREATE FUNCTION less(y PERCENT, z PERCENT) RETURNS BOOLEAN NEGATOR= greater(y PERCENT, z PERCENT)
By default, any user can execute both the function and negator. The following statements allow only accounting to execute these functions:
REVOKE EXECUTE ON greater FROM PUBLIC REVOKE EXECUTE ON less FROM PUBLIC GRANT ROLE accounting TO mary, jim, ted GRANT EXECUTE ON greater TO accounting GRANT EXECUTE ON less TO accounting
A user might receive the Execute privilege accompanied by the WITH GRANT option authority to grant the Execute privilege to other users. If a user loses the Execute privilege on a routine, the Execute privilege is also revoked from all users who were granted the Execute privilege by that user.
For more information, see the GRANT and REVOKE statements in the IBM Informix: Guide to SQL Syntax.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]