CREATE GROUP
Valid in: SQL, ESQL, OpenAPI, ODBC, JDBC, .NET
The CREATE GROUP statement establishes a group identifier and associates it with the specified list of users. Group identifiers enable the database administrator (or user that has the security privilege) to grant identical privileges to a group of users.
After creating a group identifier and specifying its members, the system administrator can grant privileges to the group identifier. When a member of the group begins a session, the group identifier can be specified in the SQL or CONNECT statement (or on the operating system command line, using the -G flag) to obtain the privileges associated with the group.
The CREATE GROUP statement has the following format:
[EXEC SQL] CREATE GROUP group_id {, group_id}
[WITH USERS = (user_id {, user_id})]
group id
Is the group identifier. It must be a valid object name that is unique among all user, group, and role identifiers in the installation. If an invalid identifier is specified in the list of group identifiers, the DBMS Server returns an error but processes all valid group identifiers. Group identifier names are stored in the iiusergroup catalog in the iidbdb database.
user id
Must be a valid user name. If an invalid user identifier is specified, the DBMS Server issues an error but processes all valid user identifiers. A group can contain any number of users. A group identifier can be created without specifying a user list. To add users to an existing group identifier, use the ALTER GROUP statement.
Embedded Usage
In an embedded CREATE GROUP statement, neither group_id nor user_id can be specified using host language variables.
Permissions
You must have MAINTAIN_USERS privilege and be connected to the iidbdb database.
Locking
The CREATE GROUP statement locks pages in the iiusergroup catalog in the iidbdb. This can cause sessions attempting to connect to the server to be suspended until the CREATE GROUP statement is completed.
Related Statements
ALTER GROUP
DROP GROUP
Last modified date: 08/29/2024