Adaptive Server allows you to grant and revoke permissions for users, roles, and groups for the update statistics, delete statistics, and truncate table commands. Table owners can also provide permissions through an implicit grant by adding update statistics, delete statistics, and truncate table to a stored procedure and then granting execute permissions on that procedure to a user or role.
You cannot grant or revoke permissions for update statistics at the column level. You must have the sso_role to run update statistics or delete statistics on sysroles, syssrvroles, and sysloginroles security tables.
By default, users with the sa_role have permission to run update statistics and delete statistics on system tables other than sysroles, syssrvroles and sysloginroles, and can transfer this privilege to other users.
The partial syntax for grant and revoke is:
grant [truncate table | update statistics | delete statistics] on table_name to {user_name | role_name | group_name}
revoke [truncate table | update statistics | delete statistics] on table_name from {user_name | role_name | group_name}
You can also issue grant all to grant permissions on update statistics, delete statistics, and truncate table.
For example, the following allows user “harry” to use truncate table and updates statistics on the authors table:
grant truncate table on authors to harry grant update statistics on authors to harry
The following revokes truncate table and update statistics privileges from “harry” on the authors table:
revoke truncate table on authors from harry revoke update statistics on authors from harry
The following allows user “billy” to use the delete statistics command on the authors table:
grant delete statistics on authors to billy
The following revokes the delete statistics privileges from user “billy” on the authors table:
revoke delete statistics on authors from billy
The following grants truncate table and update and delete statistics privileges to all users with the oper_role (if users “billy” and “harry” possess the oper_role, they can now run these commands on authors):
grant truncate table on authors to oper_role grant update statistics on authors to oper_role grant delete statistics on authors to oper_role
The following revokes truncate table and update and delete statistics privileges from all users with the oper_role:
revoke truncate table on authors from oper_role revoke update statistics on authors from oper_role revoke delete statistics on authors from oper_role
Users “billy” and “harry” can no longer run these commands on authors.
You can also implicitly grant permissions for truncate table, delete statistics, and update statistics through a stored procedure. For example, assuming “billy” owns the authors table, he can run the following to grant “harry” privileges to run truncate table and update statistics on authors:
create procedure sproc1 as truncate table authors update statistics authors go grant execute on sproc1 to harry go
You can also implicitly grant permissions at the column level for update statistics and delete statistics through stored procedures.
Once you grant permission to execute update
statistics to a user, they also have permission to execute
variations of this command, such as update all statistics, update
partition statistics, update index statistics, update
statistics table, and so on. For example, the following
grants “billy” permission to run all variations
of update statistics on the authors table:
grant update statistics on authors to billy
If you revoke a user’s permission to execute update statistics, you also revoke their ability to execute the variations of this command.
You cannot grant variants of update statistics (for example, update index statistics) separately. That is, you cannot issue:
grant update all statistics to harry
However, you can write stored procedures that control who executes these commands. For example, the following grants “billy” execute permission for update index statistics on the authors table:
create proc sp_ups as update index statistics on authors go revoke update statistics on authors from billy go grant execute on sp_ups to billy
You cannot grant and revoke delete statistics permissions at the column level.
Although Adaptive Server audits truncate table as a global, miscellaneous audit, it does not audit update statistics. To retain clear audit trails for both truncate table and update statistics, Sybase recommends that you include both commands in a stored procedure to which you grant users execute permission, as described above.
The command fails and generates error number 10330 if a user issues update statistics, delete statistics or truncate table and they:
Do not own the table.
Do not have the sa_role.
Are not a database owner who has successfully used setuser to become the user who is the owner of the table.
Have not been granted update statistics, delete statistics, or truncate table privileges.
