Chapter 7 Building a Database Access Structure
Granting permissions to a user, role, or group
The procedure for defining privileges is identical for users, groups, and roles.
Inherited permissions
A user belonging to a group or having a role with permissions inherits these permissions. You can display or hide users with inherited permissions using the following tools in the upper part of the Permissions tab:
| Tool
|
Action
|
|---|
|
Adds users that inherit permissions
|
|
Hides users that do not inherit permissions
|
When you select specific permissions for the user, the list of permissions displays the user permission above the group permission. The following table summarizes the different permission combinations:
| Permission combination
|
Description
|
|---|
|
Permission granted to user
|
|
Permission inherited from group
|
|
Permission granted to group and revoked to user
|
|
Permission granted to group and overloaded by "with admin option"
|
|
Permission granted to group and revoked with cascade to user
|
To grant permissions to a user, role, or group:
- Open the property sheet of a user, role, or group, and click the Permissions tab. The columns in the list show the permissions available for a given type of object in the current DBMS. A sub-tab is displayed for each type of object supporting permissions in the current DBMS.
- Click the Add Objects tool to open a selection box listing all the objects of the present type in the model.
- Select one or more objects and click OK to add them to the list of permissions of the user, role, or group. If the current user belongs to a group with permissions on the selected objects, these permissions appear in red in the list.
- [optional] To change the state of a permission, click in the appropriate column until the desired state is displayed, or select one of the Permission state tools at the bottom of the tab:
- Grant – Assigns the permission to the user.
- Grant with admin option - Assigns the permission to the user, and allows the recipient to pass on the permission to other users; groups, or roles.
- Revoke – Revokes the permission inherited from a group or role for the current user or group. This option is only available when the user has inherited a permission from a group or a role.
- Revoke with cascade – Revokes the permission inherited from a group or role for the current user or group and revokes any permission granted by the user.
- None - Cancels any state and cleans up the current cell.
- [optional] For tables, you can specify permissions on individual columns (see Defining column permissions).
- Click OK.
|
Copyright (C) 2006. Sybase Inc. All rights reserved.
|
|