Database Reference
In-Depth Information
13.2.2 Access to the System Resources
In the context of a database, we are concerned with access to system objects such as
tables, views, indexes, sequences, synonyms, procedures, and other objects that the
DBMS may support. Three possible actions (considered as privileges) may apply to each
of these objects: creation, alteration, and dropping. Additionally, any valid SQL statement
is considered a privilege. Finally, there are other system-wide privileges and roles (as you
will see shortly).
The
Grant
statement is used for granting access of resources to user(s) and/or
role(s), while the
Revoke
statement is used for revoking access of resources from user(s)
and/or role(s). The basic syntax of each command is shown in Figure
13-8
.
Figure 13-8.
The Grant and Revoke Statements
Note:
1.
The
ON Clause
is used if the privilege relates to a database
object.
2.
The privilege is typically a command name or a role; the
recipient of the privilege may be a user or a
role
(roles will be
clarified shortly).
3.
The WITH ADMIN OPTION enables the recipient (user) to be
able to grant/revoke this system privilege to/from other users
or roles.
4.
The WITH GRANT OPTION enables the recipient (user) to be
able to grant/revoke this object privilege to/from other users
or roles.
Example 7:
Create user
BruceJones
and grant certain privileges to him; also allow
user
Scott
to be able to run queries on the
Program
table:
