Granting System Privileges

System privileges are granted to users, groups, and roles to give them the right to perform particular types of action in the database. By default, a user belonging to a group or having a role inherits the group or role privileges and these inherited privileges are identifies as such in the Privileges tab of the user property sheet. A user with an administrative profile is also allowed to revoke a privilege.

System privileges are used in association with object permissions (see Granting Object Permissions) to evaluate the rights of a user, group, or role. For example, even if a user has the Modify privilege, he cannot modify an object on which he has no Update permission.

Note: In some DBMSs, system privileges are called permissions. In PowerDesigner, the term privilege is reserved for any right granted to a user, a group, or a role. Permissions are defined for objects.
  1. Open the property sheet of a user, role, or group, and click the Privileges tab.
  2. [optional] Click the Show/Hide All Inherited Privileges tool to show privileges that have been inherited from a group. Inherited privileges are red, while privileges directly granted to the user are blue.
  3. Click the Add Objects tool to choose one or more of the privileges available in the DBMS, and click OK to grant them to the user, role, or group:

    System privileges are defined in the DBMS definition file. To review and edit the list of available privileges, select Database > Edit Current DBMS, select the item Script > Objects > Privilege > System, and edit the list as appropriate. The Privilege category also contains entries that define the syntax for the necessary SQL statements for granting and revoking privileges. For more information, see Customizing and Extending PowerDesigner > DBMS Definition Files > Script/Objects Category.

  4. [optional] To change the state of a privilege (whether granted directly, or inherited from a group), click in the State column to cycle through the available states, or click on the appropriate tools in the Privilege state group box at the bottom of the tab:

    Privilege

    Description


    Grant – [default] Assigns the privilege to the user.


    Inherited/None - Reverts the cell to the inherited state.


    Revoke – Revokes the privilege inherited from a group or role for the current user or group.


    Grant with admin option - Assigns the privilege to the user, and allows the recipient to pass on the privilege to other users, groups, or roles. For example, you assign the CREATE TABLE privilege for user Designer_1 and then click the Grant With Admin Option button to permit Designer_1 to grant this privilege to other users.


  5. When the privileges are correct, click OK to return to the model.
Parent topic: Users, Groups, and Roles (PDM)