5 Database Utilities
Managing Table privileges
The Eloquence database uses groups to manage database specific privileges. Table (or data set) specific privileges are granted to groups. When a user is associated with a group, it will gain all capabilities granted to the group.
The following table specific privileges are available:
- READ
- Group members are allowed to read the dataset
- WRITE
- Group members are allowed to write to the dataset This implies the READ privilege.
- ERASE
- Group members are allowed to erase the dataset.
A database context must be defined before managing database groups. The DBPRIV privilege is required to maintain database groups.
Syntax:
GRANT {ALL PRIVILEGES|privilege [,privilege ...]}
ON {ALL | "set-name" [,"set-name" ...]}
TO "group" [,"group" ...];
REVOKE {ALL PRIVILEGES|privilege [,privilege ...]}
ON {ALL | "set-name" [,"set-name" ...]}
FROM "group" [,"group" ...];
Description:
The GRANT statement is used to add the specified privileges to the given groups.
The REVOKE statement is used to remove the specified privileges from the given groups.
For example:
REVOKE ALL PRIVILEGES ON ALL FROM "users";
GRANT WRITE ON "CUSTOMERS","PARTS" TO "users";
GRANT READ ON ALL TO "users";
GRANT ERASE ON "HISTORY" TO "priv";
This will provide read access on all data sets to all members of the group "users" and write access to the data sets CUSTOMERS and PARTS. Members of the group "priv" are allowed to erase the data set "HISTORY".
Eloquence Database Manual - 19 DEC 2002