Granting Object Permissions

Object permissions give users the right to perform operations on particular database objects. The procedure for defining permissions is identical for users, groups, and roles.

System privileges are used in association with object permissions (see Granting System Privileges) to evaluate the rights of a user, group, or role.

PowerDesigner allows you to define permissions on tables, views, columns, procedures, packages, and other objects depending on your DBMS. Some or all of the following may be available:

• Select – To observe information contained in object
• Insert – To insert rows into object
• Alter – To alter table with ALTER TABLE command
• Delete – To delete rows from object
• References – To create indexes in tables and foreign key referencing tables
• Update – To update row in object
• Index – To create an index with the CREATE INDEX command
• Execute – To execute procedure or function

For more information on the permissions allowed in your DBMS, see your DBMS documentation.

Note: The owner of an object (see Assigning an Owner to an Object) automatically has permission to carry out any operation on that object. These permissions do not appear in the Permissions tab of the object property sheet but they are implemented during generation and reverse engineering.
  1. Open the property sheet of a user, role, or group, and click the Permissions tab. The columns in the list show the permissions available for a given type of object in the current DBMS. A sub-tab is displayed for each type of object supporting permissions in the current DBMS.
    Note: You can also assign permissions to an object from the Permissions tab of the object property sheet. In this case, there are sub-tabs listing the users, roles, and groups who have permissions on the object. This tab lets you see all the permissions granted for the object, while the Permissions tab in the property sheet of a user, role, or group lists all the objects for which it has permissions.
  2. Click the Add Objects tool to add one or more objects of the present type in the model, and click OK to add them to the list. If the user belongs to a group with permissions on the selected objects, these permissions appear in red in the list.
  3. [optional] Click the Show All Inherited Permissions or Hide Inherited Permissions tool to show or hide permissions that have been inherited from a group. Inherited permissions display in red, while permissions directly granted to the user are blue.
  4. [optional] To change the state of a permission (whether granted directly, or inherited from a group), click in the appropriate column to cycle through the available states, or click on the appropriate tools in the Permission state group box at the bottom of the tab:
    • Grant – Assigns the permission to the user.
    • Grant with admin option – Assigns the permission to the user, and allows the recipient to pass on the permission to other users, groups, or roles.
    • Revoke – Revokes the permission inherited from a group or role for the current user or group.
    • Revoke with cascade – Revokes the permission inherited from a group or role for the current user or group and revokes any permission granted by the user.
    • None – Cancels any state and cleans up the current cell.

    The following table summarizes the available permission combinations:

    Permission combination

    Description

    Permission granted to user

    Permission inherited from group

    Permission granted to group and revoked to user

    Permission granted to group and overloaded by "with admin option"

    Permission granted to group and revoked with cascade to user

  5. [optional] For tables, you can specify permissions on individual columns (see Defining Column Permissions).
  6. When the permissions are correct, click OK to close the property sheet and return to the model.
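
The permission states and combinations from step 4, modelled as an added Python example for reviewing who effectively holds a permission (this is not PowerDesigner code or output). The precedence rules, the inheritance of the admin option, the transitive cascade, and all user names are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    NONE = "none"
    GRANT = "grant"
    GRANT_ADMIN = "grant with admin option"
    REVOKE = "revoke"
    REVOKE_CASCADE = "revoke with cascade"

GRANTS = {State.GRANT, State.GRANT_ADMIN}
REVOKES = {State.REVOKE, State.REVOKE_CASCADE}

def resolve(direct, inherited):
    """Resolve one permission cell: returns (allowed, may_pass_on, combination).
    direct is the user's own State; inherited holds its groups' States."""
    from_group = any(s in GRANTS for s in inherited)
    admin_from_group = State.GRANT_ADMIN in inherited  # assumption: inherited too
    if direct in REVOKES:  # a revoke on the user overrides the group's grant
        label = f"granted to group, {direct.value} to user" if from_group else direct.value
        return False, False, label
    if direct is State.GRANT_ADMIN:
        label = "granted to group, overloaded by admin option" if from_group else "granted to user"
        return True, True, label
    if direct is State.GRANT:
        return True, admin_from_group, "granted to user"
    label = "inherited from group" if from_group else "none"
    return from_group, admin_from_group, label

def cascade_losers(passed_on, user):
    """Grantees that lose the permission when `user` is revoked with cascade.
    passed_on maps grantor -> grantees; the walk is transitive (an assumption)."""
    lost, stack = set(), [user]
    while stack:
        for grantee in passed_on.get(stack.pop(), ()):
            if grantee != user and grantee not in lost:
                lost.add(grantee)
                stack.append(grantee)
    return lost

# Constructed sample: one permission on one object; the users' group holds Grant.
SAMPLE = {"alice": State.NONE, "bob": State.REVOKE,
          "carol": State.GRANT_ADMIN, "dave": State.REVOKE_CASCADE}

def audit(sample=SAMPLE, group_states=(State.GRANT,)):
    return {user: resolve(state, group_states) for user, state in sample.items()}

if __name__ == "__main__":
    for user, result in audit().items():
        print(user, *result, sep=" | ")
```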