Object creation permissions regulate the use of commands that create objects. Other than commands for creating objects, other commands like connect and set session authorization can be granted. These permissions can be granted only by a system administrator or a database owner (unless otherwise noted).
The commands are:
connect
create database
create default
create procedure
create rule
create table
create view
set session authorization
create encryption key (only grantable by system security officer)
create trigger (only grantable by system security officer)
The syntax for command permissions differs slightly from the syntax for object access permissions. The syntax for grant is:
grant {all [privileges] | command_list}
to {public | name_list | role_name}
The syntax for revoke is:
revoke {all [privileges] | command_list}
from {public | name_list | role_name}
where:
all or all privileges – can be used only by a system administrator or the database owner. When used by a system administrator in the master database, grant all assigns all create permissions, including create database (except create encryption key and create trigger). If the system administrator executes grant all from another database, all create permissions are granted except create database, create trigger and create encryption key. When the database owner uses grant all, Adaptive Server grants all create permissions except create database, create trigger, and create encryption key, and prints an informational message.
command_list – is the object creation and other command permissions that you are granting or revoking. Separate commands with commas. The list can include create database, create default, create procedure, create rule, create table, connect, create encryption key, set session authorization, create view, and create trigger. create database permission can be granted only by a system administrator, and only from within the master database. You must have system security officer privileges to grant create encryption key, set session authorization, and create trigger permissions.
public – is all users except the database owner (who “owns” object creation permissions within the database).
name_list – is a list of user or group names, separated by commas.
role_name – is the name of an Adaptive Server system or user-defined role. You can create and define a hierarchy of user-defined roles and grant them privileges based on the specific role granted.
