COPY_AUTH procedure¶
Grants all authorities held by the source to the target, provided they are not already held (i.e. does not “re-grant” authorities already held).
Prototypes¶
COPY_AUTH(SOURCE VARCHAR(128), SOURCE_TYPE VARCHAR(1), DEST VARCHAR(128), DEST_TYPE VARCHAR(1), INCLUDE_PERSONAL VARCHAR(1))
COPY_AUTH(SOURCE VARCHAR(128), DEST VARCHAR(128), INCLUDE_PERSONAL VARCHAR(1))
COPY_AUTH(SOURCE VARCHAR(128), DEST VARCHAR(128))
Description¶
COPY_AUTH is a procedure which copies all authorizations from the source grantee (SOURCE) to the destination grantee (DEST). Note that the implementation does not preserve the grantor, although technically this would be possible by utilizing the SET SESSION USER facility introduced by DB2 9, nor does it remove extra permissions that the destination grantee already possessed prior to the call. Furthermore, method authorizations are not copied.
Parameters¶
- SOURCE
- The name of the user, group, or role to copy permissions from.
- SOURCE_TYPE
- One of
'U'
,'G'
, or'R'
indicating whether SOURCE refers to a user, group, or role respectively. If this parameter is omitted AUTH_TYPE scalar function will be used to determine the type of SOURCE. - DEST
- The name of the user, group, or role to copy permissions to.
- DEST_TYPE
- One of
'U'
,'G'
, or'R'
indicating whether DEST refers to a user, group, or role respectively. If this parameter is omitted AUTH_TYPE scalar function will be used to determine the type of DEST. - INCLUDE_PERSONAL
- If this parameter is
'Y'
and SOURCE refers to a user, then permissions associated with the user’s personal schema will be included in the transfer. Defaults to'N'
if omitted.
Examples¶
Copy authorizations from the user TOM to the user DICK, excluding any permissions associated with the TOM schema.
CALL COPY_AUTH('TOM', 'DICK', 'N');
Copy permissions granted to a group called FINANCE to a role called FINANCE
(the INCLUDE_PERSONAL parameter is set to 'N'
here, but is effectively
redundant as SOURCE_TYPE is not 'U'
).
CALL COPY_AUTH('FINANCE', 'G', 'FINANCE', 'R', 'N');