<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head profile="http://internetalchemy.org/2003/02/profile">
<link rel="foaf" type="application/rdf+xml" title="FOAF" href="http://www.openlinksw.com/dataspace/uda/about.rdf" />
<link rel="schema.dc" href="http://purl.org/dc/elements/1.1/" />
<meta name="dc.subject" content="SQL" />
<meta name="dc.subject" content="SQL Reference" />
<meta name="dc.subject" content="Select" />
<meta name="dc.subject" content="Update" />
<meta name="dc.subject" content="delete" />
<meta name="dc.subject" content="Select Statement" />
<meta name="dc.subject" content="SQL Syntax" />
<meta name="dc.subject" content="Syntax" />
<meta name="dc.title" content="8. SQL Reference" />
<meta name="dc.subject" content="8. SQL Reference" />
<meta name="dc.creator" content="OpenLink Software Documentation Team ; " />
<meta name="dc.copyright" content="OpenLink Software, 1999 - 2009" />
<link rel="top" href="index.html" title="OpenLink Virtuoso Universal Server: Documentation" />
<link rel="search" href="/doc/adv_search.vspx" title="Search OpenLink Virtuoso Universal Server: Documentation" />
<link rel="parent" href="sqlreference.html" title="Chapter Contents" />
<link rel="prev" href="spasviewsandtables.html" title="Stored Procedures as Views & Derived Tables" />
<link rel="next" href="SETstmt.html" title="SET Statement" />
<link rel="shortcut icon" href="../images/misc/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="doc.css" />
<link rel="stylesheet" type="text/css" href="/doc/translation.css" />
<title>8. SQL Reference</title>
<meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
<meta name="author" content="OpenLink Software Documentation Team ; " />
<meta name="copyright" content="OpenLink Software, 1999 - 2009" />
<meta name="keywords" content="SQL; SQL Reference; Select; Update; delete; Select Statement; SQL Syntax; Syntax; " />
<meta name="GENERATOR" content="OpenLink XSLT Team" />
</head>
<body>
<div id="header">
<a name="GRANT" />
<img src="../images/misc/logo.jpg" alt="" />
<h1>8. SQL Reference</h1>
</div>
<div id="navbartop">
<div>
<a class="link" href="sqlreference.html">Chapter Contents</a> | <a class="link" href="spasviewsandtables.html" title="Stored Procedures as Views & Derived Tables">Prev</a> | <a class="link" href="SETstmt.html" title="SET Statement">Next</a>
</div>
</div>
<div id="currenttoc">
<form method="post" action="/doc/adv_search.vspx">
<div class="search">Keyword Search: <br />
<input type="text" name="q" /> <input type="submit" name="go" value="Go" />
</div>
</form>
<div>
<a href="http://www.openlinksw.com/">www.openlinksw.com</a>
</div>
<div>
<a href="http://docs.openlinksw.com/">docs.openlinksw.com</a>
</div>
<br />
<div>
<a href="index.html">Book Home</a>
</div>
<br />
<div>
<a href="contents.html">Contents</a>
</div>
<div>
<a href="preface.html">Preface</a>
</div>
<br />
<div class="selected">
<a href="sqlreference.html">SQL Reference</a>
</div>
<br />
<div>
<a href="sqlrefDATATYPES.html">Datatypes</a>
</div>
<div>
<a href="udt.html">User Defined Types</a>
</div>
<div>
<a href="sqlrefxmldatatype.html">XML Column Type</a>
</div>
<div>
<a href="catidentifiers.html">Identifier Case & Quoting</a>
</div>
<div>
<a href="wideidentifiers.html">Wide Character Identifiers</a>
</div>
<div>
<a href="QUALIFIEDNAMES.html">Qualified Names</a>
</div>
<div>
<a href="litsbraceescs.html">Literals, Brace Escapes</a>
</div>
<div>
<a href="CREATETABLE.html">CREATE TABLE Statement</a>
</div>
<div>
<a href="DROPTABLE.html">DROP TABLE Statement</a>
</div>
<div>
<a href="CREATEINDEX.html">CREATE INDEX Statement</a>
</div>
<div>
<a href="DROPINDEX.html">DROP INDEX Statement</a>
</div>
<div>
<a href="ALTERTABLE.html">ALTER TABLE Statement</a>
</div>
<div>
<a href="CREATEVIEW.html">CREATE VIEW Statement</a>
</div>
<div>
<a href="CREATEXMLSCHEMA.html">CREATE XML SCHEMA Statement</a>
</div>
<div>
<a href="DROPXMLSCHEMA.html">DROP XML SCHEMA Statement</a>
</div>
<div>
<a href="sequenceobjects.html">Sequence Objects</a>
</div>
<div>
<a href="insertSTMT.html">INSERT Statement</a>
</div>
<div>
<a href="updatestmt.html">UPDATE Statement</a>
</div>
<div>
<a href="SELECTSTMT.html">SELECT Statement</a>
</div>
<div>
<a href="COMMIT_ROLLBACK.html">COMMIT WORK, ROLLBACK WORK Statement</a>
</div>
<div>
<a href="CHECKPOINT.html">CHECKPOINT, SHUTDOWN Statement</a>
</div>
<div>
<a href="spasviewsandtables.html">Stored Procedures as Views & Derived Tables</a>
</div>
<div class="selected">
<a href="GRANT.html">GRANT, REVOKE Statement</a>
</div>
<div>
<a href="SETstmt.html">SET Statement</a>
</div>
<div>
<a href="anytimequeries.html">Anytime Queries</a>
</div>
<div>
<a href="besteffortunion.html">Best Effort Union</a>
</div>
<div>
<a href="aggregates.html">Standard and User-Defined Aggregate Functions</a>
</div>
<div>
<a href="sqloptimizer.html">Virtuoso SQL Optimization</a>
</div>
<div>
<a href="sqlinverse.html">SQL Inverse Functions</a>
</div>
<div>
<a href="GRAMMAR.html">SQL Grammar</a>
</div>
<div>
<a href="BITMAPINDICES.html">Bitmap Indices</a>
</div>
<div>
<a href="transitivityinsQL.html">Transitivity in SQL</a>
</div>
<div>
<a href="sqlreffastphrasematch.html">Fast Phrase Match Processor</a>
</div>
<br />
</div>
<div id="text">
<a name="GRANT" />
<h2>8.23. GRANT, REVOKE Statement</h2>
<div>
<pre class="programlisting">
privilege_def
: GRANT ALL PRIVILEGES TO grantee
| GRANT privileges ON table TO grantee_commalist opt_with_grant_option
| GRANT grantee_commalist TO grantee_commalist opt_with_admin_option
;
privilege_revoke
: REVOKE ALL PRIVILEGES FROM grantee_commalist
| REVOKE privileges ON table FROM grantee_commalist
| REVOKE grantee_commalist FROM grantee_commalist
;
opt_with_grant_option
: /* empty */
| WITH GRANT OPTION
;
opt_with_admin_option
: /* empty */
| WITH ADMIN OPTION
;
privileges
: ALL PRIVILEGES
| ALL
| operation_commalist
;
operation_commalist
: operation
| operation_commalist ',' operation
;
operation
: SELECT priv_opt_column_commalist
| INSERT
| DELETE
| UPDATE priv_opt_column_commalist
| REFERENCES opt_column_commalist
| EXECUTE
| REXECUTE
| role_name
;
grantee_commalist
: grantee
| grantee_commalist ',' grantee
;
grantee
: PUBLIC
| user
;
user
: IDENTIFIER
role_name
: IDENTIFIER
</pre>
</div>
<p>
The GRANT and REVOKE statements are used to define privileges on resources to
users and user groups (roles). A resource is a table, view or stored procedure. A grantee
can be PUBLIC, meaning any present or future user accounts or a user name. Granting
a privilege to a user name means that this user AND any users which have this user as their
user group have the privilege.
</p>
<p>
Only a granted privilege can be revoked. The sequence:
</p>
<div>
<pre class="programlisting">
grant select on employee to public;
revoke select (e_review) from joe;
</pre>
</div>
<p>
Is invalid because the privilege being revoked was not granted, instead
it was implied by the select on all column to public.
</p>
<p>
Any role name created by the CREATE ROLE statement is a valid grantee and a valid grantable operation.
</p>
<p>
The term 'effective privilege of a user' means the set of privileges
given to a user by virtue of 1. granting them to public 2. granting them to a role which is granted to the user or to a role either directly or indirectly granted to the user or 3. granting them, to the specific user.
The dba user and all users whose group is 'dba' have all privileges.
</p>
<p>
The phrase
</p>
<div>
<pre class="programlisting">
GRANT ALL PRIVILEGES TO user;
</pre>
</div>
<p>
is synonymous with setting the user's group to 'dba'.
</p>
<p>
The effective privileges inside a trigger are those of the owner of the
table whose trigger is executing. The privilege of executing a trigger is derived from the
privilege of performing the trigger action, e.g. update of a specific column.
</p>
<p>
The effective privilege inside a stored procedure is that of the owner of the procedure.
The privilege to execute a given procedure is granted with the
EXECUTE clause.
</p>
<div class="note">
<div class="notetitle">Note:</div>
<p>The grantee names are identifiers. This means that their case
can be converted to upper case unless they are quoted. The identifier case
conversion depends on the global CaseMode setting.
</p>
</div>
<p>
A user may grant or revoke privileges on resources of which he/she is the owner.
A user with effective dba privileges may manipulate any privileges.
</p>
<a name="" />
<div class="example">
<div class="exampletitle">Examples:</div>
<div>
<pre class="programlisting">
grant update ("Salary") on "Employees" to "Manager";
grant execute on "SalesReport" to "Accounting";
</pre>
</div>
</div>
<p>
<strong>GRANT REFERENCES</strong> is a privilege required by a
user on a table so that this user can create new tables referencing such tables
in foreign keys where he/she would otherwise be restricted.</p>
<div class="formalpara">
<strong>Remote SQL Data Sources</strong>
<p>To provide further consistent security to remote data, only the DBA
group is permitted to use the <span class="computeroutput">rexecute()</span>, unless
explicitly granted. Caution is required here since any user granted use of
<span class="computeroutput">rexecute()</span> has full control of the remote data source
set-up by the DBA, however limited to the overall abilities of the remote
user on the remote data source.</p>
</div>
<p>Users can be granted and denied access to
<span class="computeroutput">rexecute()</span> using the following syntax:</p>
<div>
<pre class="programlisting">
GRANT REXECUTE ON '<attached_dsn_name>' TO <user_name>
REVOKE REXECUTE ON '<attached_dsn_name>' FROM <user_name>
</pre>
</div>
<div class="formalpara">
<strong>UDTs</strong>
<p>Security of UDTs is maintained through normal SQL GRANT and REVOKE
statements via a simple extension. You can define the level of access to both native
and externally hosted UDTs. Grants for persistent user defined types
are persisted into the SYS_GRANTS table. Grants on temporary user defined
types are in-memory only and are lost (together with the temporary user defined
type definition) when the server is restarted.</p>
</div>
<p>There are two GRANT/REVOKE types for UDTs as follows:</p>
<ul>
<li>
<strong>EXECUTE</strong> - all methods and members of a class are accessible to the grantee.</li>
<li>
<strong>UNDER</strong> - the grantee can create subclasses of the class.</li>
</ul>
<div>
<pre class="programlisting">
GRANT/REVOKE EXECUTE on <user_defined_type>
GRANT/REVOKE UNDER on <user_defined_type>
</pre>
</div>
<div class="note">
<div class="notetitle">Note:</div>
<p>SQL modules, user defined types and SQL stored procedures are exposed
to GRANT/REVOKE in the same namespace, therefore care must be taken avoid
inadvertently granting to multiple objects at the same time.</p>
</div>
<div class="tip">
<div class="tiptitle">See Also:</div>
<p>
<a href="databaseadmsrv.html#vdbSTOREDPROCS">Virtual Database Procedures & Functions</a>
</p>
</div>
<table border="0" width="90%" id="navbarbottom">
<tr>
<td align="left" width="33%">
<a href="spasviewsandtables.html" title="Stored Procedures as Views & Derived Tables">Previous</a>
<br />Stored Procedures as Views & Derived Tables</td>
<td align="center" width="34%">
<a href="sqlreference.html">Chapter Contents</a>
</td>
<td align="right" width="33%">
<a href="SETstmt.html" title="SET Statement">Next</a>
<br />SET Statement</td>
</tr>
</table>
</div>
<div id="footer">
<div>Copyright© 1999 - 2009 OpenLink Software All rights reserved.</div>
<div id="validation">
<a href="http://validator.w3.org/check/referer">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31" width="88" />
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" height="31" width="88" />
</a>
</div>
</div>
</body>
</html>
distrib
>
Fedora
>
14
>
x86_64
>
media
>
updates
>
by-pkgid
>
71d40963b505df4524269198e237b3e3
>
files
>
37
