Chapter 7 Building a Database Access Structure
Granting system privileges to a user, role, or group
The procedure for defining privileges is identical for users, groups, and roles.
Adding a system privilege
You can add a system privilege to the list of available privileges from the DBMS editor. To do so, select Database → Edit Current DBMS, expand categories Script\Objects\Privileges and type each new system privilege on a new line at the end of the list of privileges in the Value box
Inherited privileges
By default, a user belonging to a group or having a role inherits the group or role privileges. Inherited privileges appear in the Privileges tab of the user property sheet.
When you select specific privileges for the user, the list of privileges displays the user privilege above the group privilege. The following table summarizes the different privilege combinations:
| Privilege combination
|
Description
|
|---|
|
Privilege granted to user
|
|
Privilege inherited from group
|
|
Privilege inherited from group and revoked to user
|
|
Privilege inherited from group overloaded by "with admin option"
|
To grant system privileges to a user, role, or group:
- Open the property sheet of a user, role, or group, and click the Privileges tab.
- Click the Add Objects tool to open a selection box listing all the privileges available in the DBMS.
- Select one or more privileges and click OK to add them to the list of privileges of the user, role, or group. By default, privileges are granted.
In the example below, the privileges in red are granted to the group to which the user belongs.
- [optional] To change the state of a privilege, click in the State column until the desired state is displayed, or select one of the Privilege state tools at the bottom of the tab:
- Grant – [default] Assigns the privilege to the user.
- Grant with admin option - Assigns the privilege to the user, and allows the recipient to pass on the privilege to other users; groups, or roles. For example, you assign the CREATE TABLE privilege for user Designer_1 and then click the Grant With Admin Option button to permit Designer_1 to grant this privilege to other users.
- Revoke – Revokes the privilege inherited from a group or role for the current user or group. This option is only available when the user has inherited a privilege from a group or a role.
- None - Cancels any state and cleans up the current cell.
- Click OK.
|
Copyright (C) 2006. Sybase Inc. All rights reserved.
|
|