Privilege Specification (priv_spec)

A privilege specification (priv_spec) defines a role or a set of privileges for specific tables or parts of tables.

Syntax

<priv_spec> ::= ALL [PRIV[ILEGES]] ON [TABLE] <table_name>,...
| <privilege>,... ON [TABLE] <table_name>,...
| <
role_name>

<privilege> ::=
  ALTER
| DELETE
| INDEX
| INSERT
| REFERENCES [(<
column_name>,...)]
| SELECT [(<column name>,...)]
| SELUPD [(<column name>,...)]
| UPDATE [(<column_name>,...)]

Explanation

These tables must not be temporary base tables.

The user must have the authorization to grant (GRANT statement) and revoke (REVOKE statement) privilege for the specified tables. For base tables, the owner of the table has this authorization.

In the case of view tables, the owner may not always be authorized to assign or revoke all privileges. The database determines the privileges that a user can assign or revoke for a view table when the table is created. The result depends on the type of table and on the user's privileges for the tables selected in the view table. The owner of a table can interrogate the privileges that he or she is allowed to grant or revoke by selecting the system table DOMAIN.PRIVILEGES.

ALL [PRIV[ILEGES]]

All of the privileges that the user can grant for tables are granted (GRANT statement) or revoked (REVOKE statement) for the specified users, usergroups, and roles.

If a user who is not the owner of the table specifies ALL in a REVOKE statement, all of the privileges he or she has granted to the specified user for this table are revoked.

If a role is defined as a privilege specification, it must exist and the current user must be the owner of the role.

ALTER

Allows the identified user to execute the ALTER TABLE statement for the specified tables. The ALTER privilege can only be granted for base tables. The current user must be authorized to grant the ALTER privilege.

DELETE

Allows the identified user to delete rows from the specified table. The current user must be authorized to grant the DELETE privilege.

INDEX

Allows the identified user to execute the CREATE INDEX and DROP INDEX statements for the specified tables. The INDEX privilege can only be granted for base tables. The current user must be authorized to grant the INDEX privilege.

INSERT

Allows the identified user to insert rows in the specified table. The current user must be authorized to grant the INSERT privilege.

REFERENCES

Allows the identified user to specify the table as a referenced table referenced_table in a column definition or referential CONSTRAINT definition.

SELECT

Allows the identified user to select rows in the specified table. If column names are specified, the rows may only be selected in the columns identified by these names. The current user must be authorized to grant the SELECT privilege.

SELUPD

The SELECT and UPDATE privileges are granted. If column names are specified, the rows may only be selected or updated in the columns identified by these names. The current user must be authorized to grant both the SELECT and the UPDATE privileges.

UPDATE

Allows the identified user to update rows in the specified table. If column names are specified, the rows may only be updated in the columns identified by these names. The current user must be authorized to grant the UPDATE privilege.

See also:

INSERT-/UPDATE/DELETE Privilege for Owners of View Tables

Privileges: Overview