Java Reference
In-Depth Information
During the lifetime of a database user, you may need to make modifications to his or
her password or access expiration date. Similarly, you may want to modify a user's
privileges. These functions are handled using the ALTER USER command.
Ultimately, you may need to remove an individual's access to the database entirely.
This is done using the DROP USER command.
User Privileges
Database management systems define sets of privileges that can be assigned to
users. These privileges correspond to actions that can be performed on objects in the
database. This approach provides a fine degree of control of database access,
allowing the database administrator to do anything he or she may need to do, while
restricting clerical personnel to a lower and potentially less damaging level of access.
When a new database is created, the default owner of the database is the user who
executes the CREATE command. To allow other users to work with the database,
you need to assign them the privileges to do so. Privileges can be assigned either to
individual users or to groups of users.
User privilege levels
User privileges can be assigned at two different levels. Users can be restricted both
at the level of the types of actions they can perform, such as READ, MODIFY, or
WRITE, and at the level of the types of database objects they can access.
Access level privileges can generally be assigned at the following levels:
Global level access to all databases on a given server
Database level access to all tables in a given database
Table level access to all columns in a given table
Column level access to single columns in a given table
It is obvious from the range of different access privileges provided that security is a
major consideration in database implementation. Normally, the management of user
privileges is an administrative function, handled by the database administrator.
Granting and revoking user privileges
The SQL GRANT command is used to grant users the necessary access privileges to
perform various operations on the database. In addition to granting a user specified
access privileges, the GRANT command can be used to allow the user to grant a
privilege to other users. There is also an option allowing the user to grant privileges
on all subtables and related tables.
