GRANT

The GRANT statement gives you the permission to create, query, and manipulate encrypted tables within the database. To perform the GRANT operation, you must be currently connected and authenticated. If a database is not encrypted, you (as the first user) can grant yourself the authentication necessary to perform the GRANT operation. (See example 1 below for more information on how to do this.)

To change your own password, you should perform a GRANT operation on your own user ID.

Invocation

This statement can be used in an application program using the DB2 CLI functions or issued through the CLP.

Syntax

>>-GRANT--ENCRYPT ON DATABASE TO--new_user--USING--grantor_password-->
 
>--NEW--new_password-------------------------------------------><
 
 

Description

new_user

Identifies the user being granted the encryption privileges.

grantor_password

The password of the authenticated user who is granting the new user encryption privileges.

new_password

The password of the user being granted the encryption privileges

Rules

• Both the user name and the password parameter are limited in length to 254 bytes.
• For multi-byte characters, the UTF-8 encoding is used internally for storage. Therefore, user names written using international character sets are limited in length.
• DB2 Everyplace requires the grantor (that is, the currently-connected user) to re-enter the grantor password to be able to grant privileges to a new user. This restrictions ensures that the grantor is physically present at the device.
• Passwords and userids must be delimited by double quotes.

Notes

• If you are an existing user, you must be connected and authenticated to change your own password. You can change your own password only.
• The GRANT statement cannot be used with parameter markers or the SQLPrepare() function.
• Attempting to GRANT privileges while connected with an unauthorized user returns SQLSTATE 42502. Specifying a wrong password with the GRANT statement causes a SQLSTATE 42506.

Example

Example 1: The first user grants herself the authentication necessary to perform the GRANT operation, on a database that has not yet been encrypted:

GRANT ENCRYPT ON DATABASE TO "jsk" USING "foo" NEW "foo"     

Example 2:Now the user "jsk" (in Example 1, above) is created and authenticated and owns the connection. For "jsk" to add another user:

GRANT ENCRYPT ON DATABASE TO "xin" USING "foo" NEW "bar"

Example 3:The user "jsk", currently connected, changes her own password:

GRANT ENCRYPT ON DATABASE TO "jsk" USING "foo" NEW "fie"

Example 4:The user "jsk", still currently connected, uses her new password to add another user:

GRANT ENCRYPT ON DATABASE TO "thf" USING "fie" NEW "fum"

Related reference

• Overview of DB2 Everyplace SQL statement support
• Data type compatibility for assignments and comparisons
• DB2 Everyplace supported parameter markers
• SQLState listing
• Summary of SQLState class codes