Granting Permissions to a User, Role, or Group

The procedure for defining privileges is identical for users, groups, and roles.

A user belonging to a group or having a role with permissions inherits these permissions. You can display or hide users with inherited permissions using the following tools in the upper part of the Permissions tab:

Tool

Action

Adds users that inherit permissions

Hides users that do not inherit permissions

When you select specific permissions for the user, the list of permissions displays the user permission above the group permission. The following table summarizes the different permission combinations:

Permission combination

Description

Permission granted to user

Permission inherited from group

Permission granted to group and revoked to user

Permission granted to group and overloaded by "with admin option"

Permission granted to group and revoked with cascade to user

  1. Open the property sheet of a user, role, or group, and click the Permissions tab. The columns in the list show the permissions available for a given type of object in the current DBMS. A sub-tab is displayed for each type of object supporting permissions in the current DBMS.
  2. Click the Add Objects tool to open a selection box listing all the objects of the present type in the model.
  3. Select one or more objects and click OK to add them to the list of permissions of the user, role, or group. If the current user belongs to a group with permissions on the selected objects, these permissions appear in red in the list.

  4. [optional] To change the state of a permission, click in the appropriate column until the desired state is displayed, or select one of the Permission state tools at the bottom of the tab:

    • Grant – Assigns the permission to the user.

    • Grant with admin option - Assigns the permission to the user, and allows the recipient to pass on the permission to other users; groups, or roles.

    • Revoke – Revokes the permission inherited from a group or role for the current user or group. This option is only available when the user has inherited a permission from a group or a role.

    • Revoke with cascade – Revokes the permission inherited from a group or role for the current user or group and revokes any permission granted by the user.

    • None - Cancels any state and cleans up the current cell.



  5. [optional] For tables, you can specify permissions on individual columns (see Defining column permissions).
  6. Click OK.