Difference between revisions of "GRANT"

From Recital Documentation Wiki
Jump to: navigation, search
 
Line 14: Line 14:
  
 
==See Also==
 
==See Also==
[[ALTER TABLE]], [[CREATE TABLE]], [[GETENV()]], [[REVOKE]], [[SET TCACHE]]
+
[[ALTER TABLE]], [[CREATE TABLE]], [[GETENV()]], [[REVOKE]]
  
  
Line 38: Line 38:
 
|READ ONLY||The ability to read from any column in a SELECT statement.  The privilege can be restricted to one or more columns by listing them.
 
|READ ONLY||The ability to read from any column in a SELECT statement.  The privilege can be restricted to one or more columns by listing them.
 
|-
 
|-
|database||The name of the database to which the table belongs.  Databases in Recital are implemented as directories containing files that correspond to the tables and associated files in the database.  Operating System file protection can be applied individually to the files for added security.  The directory is a sub-directory of the Recital data directory.  The environment variable / symbol DB_DATADIR points to the current Recital data directory and can be queried using the GETENV() function.  Files from other directories can be added to the database using the ADD TABLE command or via the database catalog and SET AUTOCATALOG functionality.  The '!' character must be included between the database name and the table name.
+
|database||The name of the database to which the table belongs.  Databases in Recital are implemented as directories containing files that correspond to the tables and associated files in the database.  Operating System file protection can be applied individually to the files for added security.  The directory is a sub-directory of the Recital data directory.  The environment variable DB_DATADIR points to the current Recital data directory and can be queried using the GETENV() function.  Files from other directories can be added to the database using the ADD TABLE command or via the database catalog and SET AUTOCATALOG functionality.  The '!' character must be included between the database name and the table name.
 
|-
 
|-
 
|table||The name of the table to which the privileges are granted.  
 
|table||The name of the table to which the privileges are granted.  
Line 54: Line 54:
 
<code lang="recital">
 
<code lang="recital">
 
// Grant update privilege for columns lastname and firstname and insert for the table
 
// Grant update privilege for columns lastname and firstname and insert for the table
EXEC SQL
+
GRANT UPDATE (lastname, firstname) INSERT;
  GRANT UPDATE (lastname, firstname) INSERT
+
  ON customer;
    ON customer
+
  TO '[20,100]'  
    TO '[20,100]';
+
  
 
// Grant all privileges to all users
 
// Grant all privileges to all users
EXEC SQL
+
GRANT ALL ON test TO PUBLIC
  GRANT ALL ON test TO PUBLIC;
+
 
</code>
 
</code>
  

Latest revision as of 17:42, 22 December 2009

Purpose

Grants access privileges for users to tables


Syntax

GRANT

ALL | [SELECT [(<column> [,...])]] [UPDATE [(<column> [,...])]]

[INSERT] [DELETE] [ALTER] [READ ONLY [(<column> [,...])]]

ON [<database>!] <table> TO '<user>,<group>' [,...] | PUBLIC


See Also

ALTER TABLE, CREATE TABLE, GETENV(), REVOKE


Description

The GRANT command is used to grant access privileges for users to tables. It can extend user privileges but cannot limit existing privileges. Later GRANT statements do affect privileges already granted to a user. Privileges can only be removed with the REVOKE statement. To grant privileges you must be the owner of the table or have already been granted ALTER privileges.


Keywords Description
ALL All privileges are granted.
SELECT The ability to name any column in a SELECT statement. The privilege can be restricted to one or more columns by listing them.
UPDATE The ability to name any column in an UPDATE statement. The privilege can be restricted to one or more columns by listing them.
INSERT The ability to INSERT rows into the table.
DELETE The ability to DELETE rows from the table.
ALTER The data type to be stored in that column, and the applicable length or precision.
READ ONLY The ability to read from any column in a SELECT statement. The privilege can be restricted to one or more columns by listing them.
database The name of the database to which the table belongs. Databases in Recital are implemented as directories containing files that correspond to the tables and associated files in the database. Operating System file protection can be applied individually to the files for added security. The directory is a sub-directory of the Recital data directory. The environment variable DB_DATADIR points to the current Recital data directory and can be queried using the GETENV() function. Files from other directories can be added to the database using the ADD TABLE command or via the database catalog and SET AUTOCATALOG functionality. The '!' character must be included between the database name and the table name.
table The name of the table to which the privileges are granted.
user The user access control string that will be granted the privilege. User access control strings are defined by the operating system.
group The group access control string that will be granted the privilege. Group access control strings are defined by the operating system
PUBLIC All users and groups will be granted the privilege.


Example

// Grant update privilege for columns lastname and firstname and insert for the table
GRANT UPDATE (lastname, firstname) INSERT;
  ON customer;
  TO '[20,100]' 
 
// Grant all privileges to all users
GRANT ALL ON test TO PUBLIC


Products

Recital Server, Recital