Java Reference
In-Depth Information
Column-level access to single columns in a given table
Normally, the management of user privileges is an administrative function that the
database administrator handles.
Frequently, user privileges are assigned by defining a user's
role
. Database roles are
simply predefined sets of user privileges. Like users, user groups and roles are
managed using SQL commands. Most RDBMSes support the following roles or their
equivalents:
Owner
- A user who can read or write data and create, modify, and delete the database or its
components
Writer
- A user who is allowed to read or write data
Reader
- Someone who is allowed to read data but not write to the database
Public
- The lowest possible in terms of privileges
User roles are a neat administrative feature designed to save time for the database
administrator. Like groups, roles can be defined by the database administrator as
required.
Managing user groups
In addition to defining individual users, many systems allow the database
administrator to organize users into logical groups with the same privileges. Groups
are created in much the same way as individual users. The general syntax for
CREATE GROUP is as follows:
CREATE GROUP group_name WITH USER user1, user2
Like users, groups are dropped using the DROP command, as shown here:
DROP GROUP group_name
To add a user to a group, use the ALTER GROUP ADD command; to delete users,
use the ALTER GROUP DROP command, as shown here:
ALTER GROUP
group_name
ADD USER
username
[, ... ]
ALTER GROUP
group_name
DROP USER
username
[, ... ]
A significant difference between adding and dropping groups as opposed to adding
and dropping individual users is that when a group is a ltered or dropped, only the
group is affected. Any users in a group that is dropped simply lose their membership
in the group. The users are otherwise unaffected. Similarly, when a group is altered
by dropping a user, only the group is affected. The user simply loses his or her
membership in the group but is otherwise unaffected.
