Predicated Privileges

Predicated privileges provide a system of flexible row-level access controls, allowing you to grant select, update, and delete privileges to different users, groups, or roles based on a predicate Adaptive Server evaluates when it accesses the data. If the condition expressed by the predicate is not met for any row of data, Adaptive Server withholds that row from the result set.

Predicated privileges offer data privacy protection based on row-level access controls that dynamically grant privileges to a user based on data content or context information, allowing you to implement a privacy policy in the server instead of the client or a Web server.

A predicate may access other objects, such as tables, SQL functions, or built-in functions. These accesses are checked against the permissions and roles of the predicate owner (such as the grantor) instead of requiring explicit permission by the user who executes the select, update, or delete command on the objects accessed by the predicate.

Predicated privileges allow a service provider to store data in a single database, and share the same tables for multiple customers instead of requiring separate views and instead of triggers for each customer.

See "Granting Predicated Privileges" in the Security Administration Guide for information about using and configuring Adaptive Server with predicated privileges.