RDB/VMS SQL GRANT — VMS RDB_4.1A
GRANT ──────────────────────────┐
 ┌───────────────<──────────────┘
 └┬─> db-privs ─> ON DATABASE ALIAS ───┬─── alias ──┬────┬┐
  │                                    └───── , <───┘    ││
  ├─> table-privs ─> ON ─┬──────────┬─┬┬> table-name ─┬┬─┤│
  │                      └─> TABLE ─┘ │└> view-name ──┘│ ││
  │                                   └──────── , <────┘ ││
  └─> column-privs ────> ON COLUMN ──┬─> column-name ──┬─┘│
                                     └─────── , <──────┘  │
 ┌────────────────────<───────────────────────────────────┘
 └─> TO ┬┬─> identifier ┬─┬────────────────────────────┬─┬─> ;
        │└─> PUBLIC ────┘ ├─> AFTER ─┬─> identifier ─┬─┤ │
        │                 │          └─> PUBLIC ─────┘ │ │
        │                 └─> POSITION n ──────────────┘ │
        └────────────────── , <──────────────────────────┘
More Information
The GRANT statement creates or adds privileges to an entry to
the Rdb/VMS access control list (ACL) for a database, table,
column, or view. Each entry in an ACL consists of an identifier
and a list of privileges assigned to the identifier:
o Each identifier specifies a user or a set of users.
o The list of privileges specifies what operations that user
or user group can perform on the database or table.
When a user tries to perform an operation on a database, SQL
reads the associated ACL from top to bottom, comparing the
identifier of the user with each entry. As soon as SQL finds
the first match, it grants the rights listed in that entry and
stops the search. All identifiers that do not match a previous
entry "fall through" to the entry [*,*] (equivalent to the SQL
keyword PUBLIC), if it exists. If there is no entry with the
identifier [*,*], then users with unmatched identifiers are
denied all access to the database or relation.
For this reason both the entries themselves and their order in
the list are important.
Under the Rdb/VMS default protection scheme, when you create a
new database, table or view, you get all access rights to that
object, including DBCTRL. All other users of that object are
given no access rights to it.
For information about ANSI-style privileges, please see the Help
topic GRANT_ANSI.
column privs
One or more of the following column privileges you want to add to an existing access privilege set entry or create in a new one:
column-privs=
 ───┬─┬─┬─> UPDATE ─────┬─┬──┬──>
    │ │ └─> REFERENCES ─┘ │  │
    │ └─────── , <────────┘  │
    └───┬─> ALL PRIVILEGES ─┬┘
        └─> ENTRY ──────────┘
To grant all privileges to specified column(s), specify the ALL keyword instead of a list of privileges.
Granting ANSI-style privileges at the column, table, or database level grants access only to the columns, tables, or database specified in the GRANT statement.
table privs
One or more of the following table privileges you want to add to an existing access privilege set entry or create in a new one:
table-privs=
 ─┬──┬─┬─> SELECT ─────────────────────────────┬─┬──┬──>
  │  │ ├─> INSERT ─────────────────────────────┤ │  │
  │  │ ├─> OPERATOR ───────────────────────────┤ │  │
  │  │ ├─> DELETE ─────────────────────────────┤ │  │
  │  │ ├─> CREATETAB ──────────────────────────┤ │  │
  │  │ ├─> ALTER ──────────────────────────────┤ │  │
  │  │ ├─> DROP ───────────────────────────────┤ │  │
  │  │ ├─> DBCTRL ─────────────────────────────┤ │  │
  │  │ ├─> SHOW ───────────────────────────────┤ │  │
  │  │ ├─> REFERENCES ┬────────────────────────┤ │  │
  │  │ │              └>( ┬> column-name ┬> )──┤ │  │
  │  │ │                  └───── , <─────┘     │ │  │
  │  │ └─> UPDATE ─┬───────────────────────────┤ │  │
  │  │             └>( ┬> column-name ┬────> )─┘ │  │
  │  │                 └───── , <─────┘          │  │
  │  └─────────────────── , <────────────────────┘  │
  └──────> ALL PRIVILEGES ──────────────────────────┘
To grant all privileges to specified table(s), specify the ALL keyword instead of a list of privileges.
db privs
One or more of the following privileges you want to add to an existing access privilege set entry or create in a new one:
db-privs =
 ────┬───┬─┬─> SELECT ─────┬─┬────┬─>
     │   │ ├─> INSERT ─────┤ │    │
     │   │ ├─> OPERATOR ───┤ │    │
     │   │ ├─> DELETE ─────┤ │    │
     │   │ ├─> CREATETAB ──┤ │    │
     │   │ ├─> ALTER ──────┤ │    │
     │   │ ├─> DROP ───────┤ │    │
     │   │ ├─> DBCTRL ─────┤ │    │
     │   │ ├─> DBADM ──────┤ │    │
     │   │ ├─> SHOW ───────┤ │    │
     │   │ ├─> REFERENCES ─┤ │    │
     │   │ ├─> UPDATE ─────┤ │    │
     │   │ ├─> SECURITY ───┤ │    │
     │   │ └─> DISTRIBTRAN ┘ │    │
     │   └────────, <────────┘    │
     └───────> ALL PRIVILEGES ────┘
To grant all privileges on the database, specify the ALL keyword instead of a list of privileges.
Granting ANSI-style privileges at the column, table, or database level grants access only to the columns, tables, or database specified in the GRANT statement.
You must attach all databases that you refer to in a GRANT statement. If you use the default database, you must use the alias RDB$DBHANDLE to work with the access privilege set for the database.
alias
The alias of a database that is part of the current session.
identifier
Specifies the identifiers for the new or modified ACL entry.
identifier =
──┬─┬─> uic-identifier ─────┬─┬─>
│ ├─> general-identifier ─┤ │
│ └─> system-identifier ─┘ │
└───────────────── + <────────────────┘
The identifiers are standard VMS identifiers. There are three
types: UIC identifiers, general identifiers, and system-defined
identifiers.
Specifying PUBLIC is equivalent to using the UIC identifier
[*,*]. You can specify more than one identifier by combining
them with plus signs (+). Such identifiers are called multiple
identifiers. They identify only users who are common to all the
groups defined by the individual identifiers. Users that do not
match all the identifiers are not controlled by that entry.
AFTER
Specifies the position of the entry within the ACL to be modified or created. If you omit the AFTER argument, SQL searches the entire ACL for an identifier list matching the one specified in the TO clause of the GRANT statement. If it finds a match, it modifies the ACL entry by adding those privileges specified in the privilege list that are not already present in that entry. If there is no match, SQL creates a new entry at the beginning of the ACL. In the AFTER argument, the identifier specifies the entry in the ACL after which SQL begins its search for the entry to be modified or created. If none of the entries in the ACL has an identifier that matches the identifier specified in the AFTER argument, SQL generates an error and the statement fails.
Starting after the entry specified by the identifier in the AFTER argument, SQL searches entries in the ACL. If an entry has an identifier that matches the identifier specified by the TO clause of the GRANT statement, SQL modifies that ACL entry by adding the privileges specified. If none of the entries has an identifier that matches the identifier specified by the TO clause of the GRANT statement, SQL creates a new ACL entry immediately following the identifier specified in the AFTER argument. Specifying PUBLIC in the AFTER clause is the same as specifying the UIC identifier [*,*].
POSITION
Specifies the position of the entry within the ACL to be modified or created. If you omit the POSITION argument, SQL searches the entire ACL for an identifier list matching the one specified in the TO clause of the GRANT statement. If it finds a match, it modifies the ACL entry by adding those privileges specified in the privilege list that are not already present in that entry. If there is no match, SQL creates a new entry at the beginning of the ACL.
In the POSITION argument, the integer specifies the earliest relative position in the ACL of the entry to be modified or created. Starting with the position specified by the POSITION argument, SQL searches entries in the ACL. If an entry has an identifier that matches the identifier specified by the TO clause of the GRANT statement, SQL modifies that ACL entry by adding the privileges specified.
If none of the entries have an identifier that matches the identifier specified by the TO clause of the GRANT statement, SQL creates a new entry for that identifier at the relative position specified in the POSITION argument (even if an entry before the position at which SQL began its search had an identifier that matched). If you specify a position higher than the number of entries in the list, SQL places the entry last in the ACL. For example, if you specify position 12 and there are only 10 entries in the list, the new entry is placed in position 11 and given that position number.
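The first-match search and the AFTER/POSITION placement rules described above interact: a GRANT to PUBLIC with neither argument puts [*,*] at the top of the ACL, where it matches every user before the more specific entries below it. The following Python model is an added example, not part of the Rdb/VMS help text or Rdb code; it handles UIC identifiers only, and the function names, the owner UIC and the sample ACL are constructed for illustration.

```python
def norm(ident):
    # PUBLIC is equivalent to the UIC identifier [*,*]
    ident = ident.upper()
    return "[*,*]" if ident == "PUBLIC" else ident

def matches(entry_ident, user_uic):
    # Simplified: UIC identifiers only, "*" is a wildcard field
    eg, em = entry_ident.strip("[]").split(",")
    ug, um = user_uic.upper().strip("[]").split(",")
    return eg in ("*", ug) and em in ("*", um)

def rights(acl, user_uic):
    # Top-to-bottom search; the first matching entry decides, then stop
    for ident, privs in acl:
        if matches(ident, user_uic):
            return set(privs)
    return set()  # no match and no [*,*] entry: all access denied

def grant(acl, privs, to, after=None, position=None):
    # acl is a list of [identifier, set_of_privileges], modified in place
    to, start = norm(to), 0  # default: search whole ACL, new entry goes first
    if after is not None:
        idents = [e[0] for e in acl]
        if norm(after) not in idents:
            raise LookupError("AFTER identifier is not in the ACL")
        start = idents.index(norm(after)) + 1
    elif position is not None:
        start = min(position - 1, len(acl))  # past the end means last
    for entry in acl[start:]:
        if entry[0] == to:
            entry[1] |= set(privs)  # add only the missing privileges
            return acl
    acl.insert(start, [to, set(privs)])
    return acl

# Constructed ACL: the creator holds all rights, no other entries exist
OWNER = "[DBA,SMITH]"
BASE = [[OWNER, {"SELECT", "INSERT", "DBCTRL"}]]

def demo():
    top = grant([[i, set(p)] for i, p in BASE], {"SELECT"}, "PUBLIC")
    low = grant([[i, set(p)] for i, p in BASE], {"SELECT"}, "PUBLIC", after=OWNER)
    return rights(top, OWNER), rights(low, OWNER)

if __name__ == "__main__":
    print(demo())
```

In the first case the owner is reduced to SELECT because [*,*] now sits above the owner's entry; with AFTER the owner's entry is still matched first and keeps DBCTRL.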