SPDO Procedure
- Syntax
Procedure SyntaxPROC SPDO StatementADD ACL StatementCLUSTER ADD StatementCLUSTER CREATE StatementCLUSTER DESTROY StatementCLUSTER FIX StatementCLUSTER LIST StatementCLUSTER MODIFY StatementCLUSTER REMOVE StatementCLUSTER REPLACE StatementCLUSTER UNDO StatementCONSTRAINT ADD StatementCONSTRAINT DESCRIBE StatementCONSTRAINT REMOVE StatementDELETE ACL StatementLIST ACL StatementLIST USERS StatementLIST USERS/LOCKING StatementMODIFY ACL StatementOPER StatementREFRESH DOMAINS StatementREFRESH PARMS StatementSET ACLTYPE StatementSET ACLUSER StatementSET MODE OPER StatementSET USER StatementSET USER/LOCKING StatementSHOWLIBNAME StatementSPDSCMD StatementSPDSMAC StatementTRUNCATE Statement - Overview
- Concepts
- Examples
ADD ACL Statement
Creates new ACL entries.
| Requirement: | You must be the resource owner, have ACL access to a resource, or have special privilege in order to add an ACL to a resource. When using special privilege, set the ACLSPECIAL= option in the LIBNAME statement. |
| Interactions: | Before using ADD ACL, you must set the context for the request with the SET ACLUSER statement. For more information, see SET ACLUSER Statement. |
| If you are creating an ACL for a resource other than a domain or a table, set the ACL type before using ADD ACL. For more information, see SET ACLTYPE Statement. | |
| See: | For detailed information about how the server supports ACLs, see ACL Security Model. |
Syntax
Optional Arguments
acl
specifies the name of the ACL. Use a one-part name to identify resources except domains and table columns. You do not need to specify a name when creating a domain ACL. The domain is inferred from the libref. Use a two-part name (table.column) to identify an ACL for a table column. You can specify multiple names. Each name creates a separate ACL entry.
ALTER
grants universal ALTER access to the resource.
C=cat
identifies the specified ACL names as the names of catalog entries in the catalog cat. You pair this value with the T= option.
/GENERIC
specifies that the ACL name is a generic ACL.
| Note | If you specify /GENERIC when defining a table column ACL, the /GENERIC applies to the table name, not to the column name. |
GROUPALTER
grants group ALTER access to the resource.
GROUPREAD
grants group READ access to the resource.
GROUPWRITE
grants group WRITE access to the resource.
/LIBNAME
creates an ACL for the domain. You can control access permissions to an entire domain with this option.
MODEL
specifies the name of another ACL. This option requests the software to copy all the access permissions and access list entries from this ACL.
/PERSIST
specifies that the ACL (or ACLs) is a persistent ACL. A persistent ACL entry is an ACL that is not removed from the ACL tables when the resource is deleted.
READ
grants universal READ access to the resource.
T=type
identifies the catalog entry type to associate with the specified ACLs names. This option is required when you specify the C= option.
WRITE
grants universal WRITE access to the resource.
Details
Examples
Example 1: Add Domain ACL
add acl/LIBNAME read groupwrite;
Example 2: Add Resource ACL
add acl mine_aug2016/read write;
Example 3: Add Generic ACL
add acl mine/generic read;
Example 4: Add Column ACL
add acl mine_aug2016.salary/groupread;
Example 5: Add Generic Column ACL
add acl mine.salary/generic groupread;
Example 6: Add Catalog ACL
set acltype catalog; add acl mycat/read groupread groupwrite;
Example 7: Add Generic ACL for Catalog Entries
set acltype catalog; add acl my c=mycat t=catams/generic read groupread;