Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

AFTER

POSITION

More Information

column privs

table privs

schema privs

identifier

More Information

More Information

More Information

RDB/VMS SQL GRANT — VMS RDB_3.1A

  GRANT ────────────────────────┐
 ┌───────────────<──────────────┘
 └┬─> schema-privs ─> 
O

N

S

C

H

E

M

A
typebox (A)typebox (U)typebox (T)typebox (H)typebox (O)typebox (R)typebox (I)typebox (Z)typebox (A)typebox (T)typebox (I)typebox (O)typebox (N) ─┬─> auth-id ─┬─┬┐ │ └───── , <───┘ ││ ├─> table-privs ─> 
O

N
─┬──────────┬┬─> table-name ──┬───────┤│ │ └─> 
T

A

B

L

E
─┘└─> view-name ───┘ ││ │ ││ └─> column-privs ────> 
O

N

C

O

L

U

M

N
──┬─> column-name ──┬──────┘│ └─────── , <──────┘ │ │ │ ┌────────────────────<────────────────────────────────────────┘ └─> 
T

O
─┬─┬─> identifier ─┬─┬────────────────────────────┬─┬─>typebox (;) │ └─> 
P

U

B

L

I

C
─────┘ ├─> 
A

F

T

E

R
─┬─> identifier ─┬─┤ │ │ │ └─> 
P

U

B

L

I

C
─────┘ │ │ │ └─> 
P

O

S

I

T

I

O

N
n ──────────────┘ │ └──────────────────── , <──────────────────────────┘

Additional information available:

AFTERPOSITION

More Informationcolumn privstable privsschema privsidentifier

More Information

 The GRANT statement creates or adds privileges to an entry to
 the Rdb/VMS access control list (ACL) for a database, table,
 column, or view.  Each entry in an ACL consists of an identifier
 and a list of privileges assigned to the identifier:

  o  Each identifier specifies a user or a set of users.

  o  The list of privileges specifies what operations that user
     or user group can perform on the database or table.

 When a user tries to perform an operation on a database, SQL
 reads the associated ACL from top to bottom, comparing the
 identifier of the user with each entry.  As soon as SQL finds
 the first match, it grants the rights listed in that entry and
 stops the search.  All identifiers that do not match a previous
 entry "fall through" to the entry [*,*] (equivalent to the SQL
 keyword PUBLIC), if it exists.  If there is no entry with the
 identifier [*,*], then users with unmatched identifiers are
 denied all access to the database or relation.

 For this reason both the entries themselves and their order in
 the list are important.

column privs

 One or more of the following column privileges you want to add
 to an existing access privilege set entry or create in a new
 one:

 column-privs=

 ───┬─┬─┬─> 
U

P

D

A

T

E
─────┬─┬──┬──> │ │ └─> 
R

E

F

E

R

E

N

C

E

S
─┘ │ │ │ └─────── , <────────┘ │ └───┬─> 
A

L

L
typebox (P)typebox (R)typebox (I)typebox (V)typebox (I)typebox (L)typebox (E)typebox (G)typebox (E)typebox (S) ─┬┘ └─> 
E

N

T

R

Y
──────────┘ To grant all privileges to specified column(s), specify the ALL keyword instead of a list of privileges. Granting ANSI style privileges at the column, table, or schema level, grants access only to the columns, tables, or schema specified in the GRANT statement.

table privs

 One or more of the following table privileges you want to add to
 an existing access privilege set entry or create in a new one:

 table-privs=

 ─┬──┬─┬─> 
S

E

L

E

C

T
─────────────────────────────┬─┬──┬──> │ │ ├─> 
I

N

S

E

R

T
─────────────────────────────┤ │ │ │ │ ├─> 
O

P

E

R

A

T

O

R
───────────────────────────┤ │ │ │ │ ├─> 
D

E

L

E

T

E
─────────────────────────────┤ │ │ │ │ ├─> 
C

R

E

A

T

E

T

A

B
──────────────────────────┤ │ │ │ │ ├─> 
A

L

T

E

R
──────────────────────────────┤ │ │ │ │ ├─> 
D

R

O

P
───────────────────────────────┤ │ │ │ │ ├─> 
D

B

C

T

R

L
─────────────────────────────┤ │ │ │ │ ├─> 
S

H

O

W
───────────────────────────────┤ │ │ │ │ ├─> 
R

E

F

E

R

E

N

C

E

S
┬───────────────────────┤ │ │ │ │ │ └>( ┬> column-name ┬> )─┤ │ │ │ │ │ └───── , <─────┘ │ │ │ │ │ └─> 
U

P

D

A

T

E
─┬───────────────────────────┤ │ │ │ │ └>( ┬> column-name ┬────> )─┘ │ │ │ │ └───── , <─────┘ │ │ │ └─────────────────── , <────────────────────┘ │ └──────> 
A

L

L
typebox (P)typebox (R)typebox (I)typebox (V)typebox (I)typebox (L)typebox (E)typebox (G)typebox (E)typebox (S) ──────────────────────────┘ To grant all privileges to specified table(s), specify the ALL keyword instead of a list of privileges.

schema privs

 One or more of the following privileges you want to add to an
 existing access privilege set entry or create in a new one:

 schema-privs=

 ────┬───┬─┬─> 
S

E

L

E

C

T
─────┬─┬────┬─> │ │ ├─> 
I

N

S

E

R

T
─────┤ │ │ │ │ ├─> 
O

P

E

R

A

T

O

R
───┤ │ │ │ │ ├─> 
D

E

L

E

T

E
─────┤ │ │ │ │ ├─> 
C

R

E

A

T

E

T

A

B
──┤ │ │ │ │ ├─> 
A

L

T

E

R
──────┤ │ │ │ │ ├─> 
D

R

O

P
───────┤ │ │ │ │ ├─> 
D

B

C

T

R

L
─────┤ │ │ │ │ ├─> 
D

B

A

D

M
──────┤ │ │ │ │ ├─> 
S

H

O

W
───────┤ │ │ │ │ ├─> 
R

E

F

E

R

E

N

C

E

S
─┤ │ │ │ │ └─> 
U

P

D

A

T

E
─────┘ │ │ │ └────────, <────────┘ │ └───────> 
A

L

L
typebox (P)typebox (R)typebox (I)typebox (V)typebox (I)typebox (L)typebox (E)typebox (G)typebox (E)typebox (S) ────┘ To grant all privileges on the schema, specify the ALL keyword instead of a list of privileges. Granting ANSI style privileges at the column, table, or schema level, grants access only to the columns, tables, or schema specified in the GRANT statement. You must declare all schemas that you refer to in a GRANT statement. If you use the default schema declaration, you must use the authorization identifier RDB$DBHANDLE to work with the access privilege set for the schema.

identifier

 Specifies the identifiers for the new or modified ACL entry.

 identifier =

 ──┬─┬─> uic-identifier ─────┬─┬─>
   │ ├─> general-identifier ─┤ │
   │ └─> system-identifier  ─┘ │
   └──────────── typebox (+) <───────────┘

 The identifiers are standard VMS identifiers.  There are three
 types:  UIC identifiers, general identifiers, and system-defined
 identifiers.

 Specifying PUBLIC is equivalent to using the UIC identifier
 [*,*].  You can specify more than one identifier by combining
 them with plus signs (+).  Such identifiers are called multiple
 identifiers.  They identify only users who are common to all the
 groups defined by the individual identifiers.  Users that do not
 match all the identifiers are not controlled by that entry.

AFTER

 Specifies the position of the entry within the ACL to be
 modified or created.  If you omit the AFTER argument, SQL
 searches the entire ACL for an identifier list matching the one
 specified in the TO clause of the GRANT statement.  If it finds
 a match, it modifies the ACL entry by adding those privileges
 specified in the privilege list that are not already present in
 that entry.  If there is no match, SQL creates a new entry at
 the beginning of the ACL.

 In the AFTER argument, the identifier specifies the entry in the
 ACL after which SQL begins its search for the entry to be
 modified or created.  If none of the entries in the ACL has an
 identifier that matches the identifier specified in the AFTER
 argument, SQL generates an error and the statement fails.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 Starting after the entry specified by the identifier in the
 AFTER argument, SQL searches entries in the ACL.  If an entry
 has an identifier that matches the identifier specified by the
 TO clause of the GRANT statement, SQL modifies that ACL entry by
 adding the privileges specified.  If none of the entries has an
 identifier that matches the identifier specified by the TO
 clause of the GRANT statement, SQL creates a new ACL entry
 immediately following the identifier specified in the AFTER
 argument.

 Specifying PUBLIC in the AFTER clause is the same as specifying
 the UIC identifier [*,*].

POSITION

 Specifies the position of the entry within the ACL to be
 modified or created.  If you omit the POSITION argument, SQL
 searches the entire ACL for an identifier list matching the one
 specified in the TO clause of the GRANT statement.  If it finds
 a match, it modifies the ACL entry by adding those privileges
 specified in the privilege list that are not already present in
 that entry.  If there is no match, SQL creates a new entry at
 the beginning of the ACL.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 In the POSITION argument, the integer specifies the earliest
 relative position in the ACL of the entry to be modified or
 created.  Starting with the position specified by the POSITION
 argument, SQL searches entries in the ACL.  If an entry has an
 identifier that matches the identifier specified by the TO
 clause of the GRANT statement, SQL modifies that ACL entry by
 adding the privileges specified.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 If none of the entries have an identifier that matches the
 identifier specified by the TO clause of the GRANT statement,
 SQL creates a new entry for that identifier at the relative
 position specified in the POSITION argument (even if an entry
 before the position at which SQL began its search had an
 identifier that matched).

 If you specify a position higher than the number of entries in
 the list, SQL places the entry last in the ACL.  For example, if
 you specify position 12 and there are only 10 entries in the
 list, the new entry is placed in position 11 and given that
 position number.

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026