Chapter 13 Managing Database Access

Defining system privileges

You define the privileges of a user, group, or role from the property sheet of this object. The procedure for defining privileges is identical for users, groups, and roles. In this section, we will use the user example, keeping in mind that the procedure is identical for groups and roles.

When you define system privileges for a user you have to:

Note   Adding a system privilege
You can add a system privilege to the list of available privileges from the DBMS editor. To do so, select Database → Edit Current DBMS, expand categories Script\Objects\Privileges and type each new system privilege on a new line at the end of the list of privileges in the Value box

The following tools are available:

Tool Description
Grant Privilege is assigned to user. By default, any selected privilege is granted to the user and the Grant checkmark appears in the Status column
Grant with admin option Extended privilege that allows the grantee to pass on the privilege to other users; groups, or roles. For example, you select the CREATE TABLE privilege for user Designer_1. Then you click the Grant With Admin Option button. This implies that Designer_1 is allowed to grant the CREATE TABLE privilege to other users. This tool is not available in all DBMS
Revoke The privilege inherited from a group or role is revoked to the current user or group. Revoke is only available when the user inherits a privilege from a group or a role
None To cancel any state and clean up the current cell

Inherited privileges

By default, a user belonging to a group or having a role inherits the group or role privileges. Inherited privileges appear in the Privileges page of the user property sheet.

When you select specific privileges for the user, the list of privileges displays the user privilege above the group privilege. The following table summarizes the different privilege combinations:

Privilege combination
Description

Privilege granted to user

Privilege inherited from group

Privilege inherited from group and revoked to user

Privilege inherited from group overloaded by "with admin option"

Steps To define system privileges for a user:

  1. Open the property sheet of a user and click the Privileges tab.

    The Privileges page appears.
  2. Click the Add Objects tool.

    A selection dialog box appears, to let you select one or several privileges authorized in your current DBMS.
  3. Select one or several privileges.
  4. Click OK.

    The privileges appear in the list of privileges of the current user. By default, privileges are granted.

    In the example below, the privileges in red are granted to the group to which the user belongs.
  5. Click inside the cell corresponding to the privilege state you want to define.

    or

    Select several privileges and click inside one of the cells corresponding to the privilege state you want to define.

    A state automatically appears in the cell.
  6. Click again in the cell until the desired state appears.

    or

    Select a state in the Privilege State groupbox in the lower part of the dialog box.

    You modify the status of the privilege.
  7. Click Apply.

 

Copyright (C) 2005. Sybase Inc. All rights reserved.