Home
SQL programmingYou can use the HCL OneDB™ implementation of the SQL language to develop applications for HCL OneDB™ database servers.
Guide to SQL: SyntaxThe HCL OneDB™ Guide to SQL: Syntax describes the syntax of the statements, data types, expressions, operators, and built-in functions of the HCL OneDB™ dialect of the SQL language.
SQL statementsThis chapter describes the syntax and semantics of SQL statements that are recognized by HCL OneDB™.
GRANT statementUse the GRANT statement to assign access privileges and roles to users and to other roles. Users who hold the DBSECADM role can use this statement to assign user security labels and exemptions from label-based access control (LBAC) security rules.
Routine-Level PrivilegesWhen you create a user-defined routine (UDR), you become owner of the UDR and you automatically receive the Execute privilege on that UDR.
Revoking the Execute privilege from PUBLICThe REVOKE statement supports the following syntax for revoking access to the specified routine from the PUBLIC group, which includes all users who hold the Connect privilege on the database.

Revoking the Execute privilege from PUBLIC

The REVOKE statement supports the following syntax for revoking access to the specified routine from the PUBLIC group, which includes all users who hold the Connect privilege on the database.

Figure 1: REVOKE EXECUTE TO PUBLIC


Element	Description	Restrictions	Syntax
revoker	Owner of the UDR	Cannot be a role	Owner name

This statement prevents the PUBLIC group from receiving Execute privileges on the specified routine by default. (Individual users who hold the DBA privilege, however, or who own the routine, or who were granted Execute privilege on the routine individually or through a role, are not affected by this statement.

Only users who hold the DBA privilege can specify the AS revoker clause. The specified revoker must be the owner of the specified routine, as listed in the owner column of the sysprocedures system catalog table. The name cannot be the name of a role or the PUBLIC keyword.

In an ANSI-compliant database, the AS revoker clause is required, rather than optional, if the DBA who issues the REVOKE EXECUTE statement is not the owner of the specified routine.

In databases where the PUBLIC group holds Execute privilege on owner-privileged routines by default, the REVOKE EXECUTE ON PUBLIC statement must be successfully executed before the discretionary access privilege to execute the specified routine can be granted to a subset of users or to one or more roles. Otherwise, only users with the DBA privilege or the owner of the routine can start it.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.