MOVE_AUTH procedure¶
Moves all authorities held by the source to the target, provided they are not already held.
Prototypes¶
MOVE_AUTH(SOURCE VARCHAR(128), SOURCE_TYPE VARCHAR(1), DEST VARCHAR(128), DEST_TYPE VARCHAR(1), INCLUDE_PERSONAL VARCHAR(1))
MOVE_AUTH(SOURCE VARCHAR(128), DEST VARCHAR(128), INCLUDE_PERSONAL VARCHAR(1))
MOVE_AUTH(SOURCE VARCHAR(128), DEST VARCHAR(128))
Description¶
MOVE_AUTH is a procedure which moves all authorizations from the source grantee (SOURCE) to the destination grantee (DEST). Like COPY_AUTH procedure, this procedure does not preserve the grantor, and method authorizations are not moved. Essentially this procedure combines COPY_AUTH procedure and REMOVE_AUTH procedure to copy authorizations from SOURCE to DEST and then remove them from SOURCE.
Note
Column-level authorizations will be copied to DEST, but will not be removed from SOURCE. Their removal must be handled manually.
Parameters¶
- SOURCE
- The name of the user, group, or role to copy permissions from.
- SOURCE_TYPE
- One of
'U'
,'G'
, or'R'
indicating whether SOURCE refers to a user, group, or role respectively. If this parameter is omitted AUTH_TYPE scalar function will be used to determine the type of SOURCE. - DEST
- The name of the user, group, or role to copy permissions to.
- DEST_TYPE
- One of
'U'
,'G'
, or'R'
indicating whether DEST refers to a user, group, or role respectively. If this parameter is omitted AUTH_TYPE scalar function will be used to determine the type of DEST. - INCLUDE_PERSONAL
- If this parameter is
'Y'
and SOURCE refers to a user, then permissions associated with the user’s personal schema will be included in the transfer. Defaults to'N'
if omitted.
Examples¶
Copy authorizations from the user TOM to the user DICK, excluding any permissions associated with the TOM schema (so TOM retains access to his personal schema after this command).
CALL MOVE_AUTH('TOM', 'DICK', 'N');
Move permissions granted to a group called FINANCE to a role called FINANCE
(the INCLUDE_PERSONAL parameter is set to 'N'
here, but is effectively
redundant as SOURCE_TYPE is not 'U'
).
CALL MOVE_AUTH('FINANCE', 'G', 'FINANCE', 'R', 'N');