About granting and revoking privileges

• Granting and revoking privileges is a way of controlling access within DB2.
• A privilege allows a specific function, such as deleting, and may given broadly or be limited to a specific object.
• An explicit privilege has a name, such as SELECT, and is held as the result of an SQL GRANT or REVOKE statement or actions taken in the Privileges Window of the Control Center.
• An administrative authority is a set of privileges, often covering a related set of objects. Authorities often include privileges that are not explicit, have no name, and cannot be specifically granted. For example, SYSOPR is an administrative authority which includes the privilege to terminate any utility job.
• Privileges and authorities are held by authorization IDs.
• A user who has the grant privilege on an object can revoke privileges for that object from any user except the user who owns the object.

Related information

Authorities and privileges