Defining permissions for a user

Chapter 13 Managing Database Access

Defining permissions for a user

You can define in the same way permissions for a user, a group, or a role. In this section, we focus on the user case, but the process can be used with groups and roles.

The Permissions page is divided in two zones:

The list in the upper part of the page contains columns corresponding to selected objects and different permissions allowed in the current DBMS. You can select multiple objects in this list
The Permission State groupbox contains buttons for selecting the state of each permission for a given object

The following states are available:

Grant option	Description
Grant	Permission is assigned to user
Revoke	Permission inherited from a group or role is revoked for the current user. Revoke is only available when the user inherits a privilege from a group or a role
Grant with grant option	Grantee has the right to pass on the permission to other users
Revoke with cascade	User no longer has permission and the same occurs to all users who were granted permissions by the grantee
None	To cancel any state and clean up the current cell

When you define the permissions for a user you have to:

Select the objects on which the user will have permissions
Define the state of each permission for a given object

Inherited permissions

A user belonging to a group or having a role with permissions inherits these permissions. You can display or hide users with inherited permissions using the following tools in the upper part of the Permissions page:

Tool	Action
	Adds users that inherit permissions
	Hides users that do not inherit permissions

When you select specific permissions for the user, the list of permissions displays the user permission above the group permission. The following table summarizes the different permission combinations:

Permission combination	Description
	Permission granted to user
	Permission inherited from group
	Permission granted to group and revoked to user
	Permission granted to group and overloaded by "with admin option"
	Permission granted to group and revoked with cascade to user

To define permissions for a user:

Open the property sheet of a user and click the Permissions tab.

The Permissions page appears, it displays a list of permissions. The different columns in the list correspond to permissions allowed for a given type of object in the current DBMS. The different tabbed pages correspond to objects supporting permissions in the current DBMS.

Click the Add Objects tool.

A selection dialog box appears with object of the same type.

Select one or several objects and click OK.

The selected objects appear in the list in the selected page. If the current user belongs to a group with permissions on the selected objects, these permissions appear in red in the list.

Click inside the cell corresponding to the permission state you want to define.

or

Select several objects and click inside one of the cells corresponding to the permission state you want to define for these objects.

A state automatically appears in the cell.

Click again in the cell until the desired state appears.

or

Select a state in the Permission State groupbox in the lower part of the dialog box.

You define the state of the permission.

Repeat the previous step for each permission of a given object and for each selected object.

Click OK.