Permissions

Permissions

A user's permissions can be grouped into the following main categories:

The following table summarizes the permissions that can be granted on database objects:

Permission type	Supported by database objects	Inherited through group membership	Description	WITH GRANT option support
ALL	Tables, views	Yes	Allows the user to perform all tasks associated with a database object. This permission grants the following permissions on tables: ALTER, DELETE, INSERT, REFERENCES, SELECT, and UPDATE. This permission grants the following permissions on views: DELETE, INSERT, SELECT, and UPDATE. See GRANT statement.	GRANT and WITH GRANT option
ALTER	Tables	Yes	Allows the user to alter the structure of a table or create a trigger on a table. Because this permission grants the user the permission to modify the database schema, it should not be granted to most users. See GRANT statement.	GRANT and WITH GRANT option
CONNECT	User	No	Allows the user to connect to the database. See New user creation.	N/A
CONSOLIDATE	User	No	Identifies a consolidated database in SQL Remote. See CONSOLIDATE permission.	N/A
CREATE ON	Dbspaces	Yes	Allows a user with RESOURCE authority to create database objects in the specified dbspace. See GRANT statement and RESOURCE authority.	GRANT and WITH GRANT option
DELETE	Tables, views	No	Allows the user to delete rows from a table or view. See GRANT statement.	GRANT and WITH GRANT option
EXECUTE	Procedures, user-defined functions	No	Allows the user to execute a procedure or a function. See GRANT statement.	GRANT but not WITH GRANT option
INSERT	Tables, views	Yes	Allows the user to insert rows into a table or view. See GRANT statement.	GRANT and WITH GRANT option
INTEGRATED LOGIN	Users	No	Allows the user to connect to the database using an integrated login. See Windows integrated logins.	N/A
KERBEROS LOGIN	Users	No	Allows the user to connect to the database using a Kerberos login. See Kerberos authentication.	N/A
PUBLISH	Users	No	Identifies the publisher of a database in SQL Remote. See PUBLISH permission.	N/A
REFERENCES	Tables	Yes	Allows the user to create indexes on a table and to create foreign keys that reference a table. This permission can also be granted on individual columns in a table. Because this permission grants the user permission to modify the database schema, it should not be assigned to most users. When the column names are specified, the user is only allowed to view those columns in the table. See GRANT statement.	GRANT and WITH GRANT option
REMOTE	Users	No	Identifies a remote database in SQL Remote and MobiLink. See GRANT REMOTE DBA statement [MobiLink] [SQL Remote].	N/A
SELECT	Tables, views	Yes	Allows the user to look at information in a table or a view. This permission can also be granted to individual columns in a table. See GRANT statement.	GRANT and WITH GRANT option
UPDATE	Tables, views	Yes	Allows the user to update rows in a table or view. This permission can also be granted to individual columns in a table. See GRANT statement.	GRANT and WITH GRANT option
USAGE	Sequence generators	No	Allows the user to evaluate the current or next value in a sequence. The user must have DBA authority or be the creator of the sequence to use this permission. If the sequence is part of a DEFAULT clause on a table, any user that inserts a row into the table must have permission on the sequence. See GRANT statement.	GRANT but not WITH GRANT option
WITH GRANT OPTION	Tables, views	No	Allows users to grant the same permission to other users.

Permissions explicitly granted to a user or group
Permissions acquired through ownership of an object
Permissions inherited through group membership
Permissions granted on disabled objects
Database object permissions
Grant permissions to users
Granting users the right to grant permissions to other users
User permission revocation
Permission revocation
Granting and revoking remote permission for SQL Remote

Discuss this page in DocCommentXchange.

Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1