Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ENTRY

AFTER

POSITION

More Information

db privs

alias

table privs

column privs

identifier

More Information

More Information

More Information

RDB/VMS SQL REVOKE — VMS RDB_4.1_M

 Removes privileges from or entirely deletes an entry in a
 database, table, or column ACL.  REVOKE ENTRY deletes the entire
 entry in the ACL, including the identifier.

 REVOKE -----------------------+
                               |
 +------------<----------------+
 ++-> db-privs -> ON DATABASE ALIAS -+-> alias --+-----+-+
  |                                  +----- , <--+     | |
  +-> table-privs -> ON -+-----------+---+             | |
  |                      +-> TABLE --+   |             | |
  |          +---------------------------+             | |
  |          +-+-+-> table-name --+-+------------------+ |
  |            | +-> view-name ---+ |                  | |
  |            +------- , <---------+                  | |
  |                                                    | |
  +-> column-privs --> ON COLUMN -+-> column-name --+--+ |
                                  +------- , <------+    |
 +----------------------<--------------------------------+
 +-> FROM ++-> identifier -++--------------------------+-+-> ;
          |+-> PUBLIC -----++-> AFTER +-> identifier +-+ |
          |                 |         +-> PUBLIC ----+ | |
          |                 +-> POSITION n ------------+ |
          +------------------ , <------------------------+

Additional information available:

ENTRYAFTERPOSITION

More Informationdb privsaliastable privscolumn privsidentifier

More Information

 The REVOKE statement removes privileges from or entirely deletes
 an entry to the Rdb/VMS access control list (ACL) for a
 database, table, or column.  Each entry in an ACL consists of an
 identifier and a list of privileges assigned to the identifier:

  o  Each identifier specifies a user or a set of users.

  o  The list of privileges specifies what operations that user
     or user group can perform on the database or table.

 When a user tries to perform an operation on a database, SQL
 reads the associated ACL from top to bottom, comparing the
 identifier of the user with each entry.  As soon as SQL finds
 the first match, it revokes the rights listed in that entry and
 stops the search.  All UICs that do not match a previous entry
 "fall through" to the entry [*,*], if it exists.  If there is no
 entry with the UIC [*,*], then unmatched UICs are denied all
 access to the database or relation.

 For this reason both the entries themselves and their order in
 the list are important.

db privs

 One or more of the following privileges you want to remove from
 an existing access privilege set entry or create in a new one:

 db-privs=

  ---+---+-+-> SELECT -----+-+----+->
     |   | +-> INSERT -----+ |    |
     |   | +-> OPERATOR ---+ |    |
     |   | +-> DELETE -----+ |    |
     |   | +-> CREATETAB --+ |    |
     |   | +-> ALTER ------+ |    |
     |   | +-> DROP -------+ |    |
     |   | +-> DBCTRL -----+ |    |
     |   | +-> DBADM ------+ |    |
     |   | +-> SHOW -------+ |    |
     |   | +-> REFERENCES -+ |    |
     |   | +-> UPDATE -----+ |    |
     |   | +-> SECURITY ---+ |    |
     |   | +-> DISTRIBTRAN + |    |
     |   +--------, <--------+    |
     +---+---> ALL PRIVILEGES -+--+
         +---> ENTRY ----------+

 To revoke all privileges on the database, specify the ALL
 keyword instead of a set of privileges.  To delete an ACL entry
 altogether, specify the ENTRY keyword.

 You must attach all databases that you refer to in a REVOKE
 statement.  If you use the default database, you must use the
 alias RDB$DBHANDLE to work with the access privilege set for the
 database.

alias

 The alias of a database that is part of the current session.

table privs

 One or more of the following privileges you want to remove from
 an existing access privilege set entry or create in a new one:

 table-privs=

 -+--+-+-> SELECT -----------------------------+-+--+-->
  |  | +-> INSERT -----------------------------+ |  |
  |  | +-> DELETE -----------------------------+ |  |
  |  | +-> CREATETAB --------------------------+ |  |
  |  | +-> ALTER ------------------------------+ |  |
  |  | +-> DROP -------------------------------+ |  |
  |  | +-> DBCTRL -----------------------------+ |  |
  |  | +-> SHOW -------------------------------+ |  |
  |  | +-> REFERENCES  +-----------------------+ |  |
  |  | |               +>( +> column-name +> )-+ |  |
  |  | |                   +----- , <-----+    | |  |
  |  | +-> UPDATE -+---------------------------+ |  |
  |  |             +>( +> column-name +----> )-+ |  |
  |  |                 +----- , <-----+          |  |
  |  +------------------- , <--------------------+  |
  +---+--> ALL PRIVILEGES --+-----------------------+
      +--> ENTRY -----------+

 To revoke all privileges on the table, specify the ALL keyword
 instead of a set of privileges.  To delete an ACL entry
 altogether, specify the ENTRY keyword.

column privs

 One or more of the following privileges you want to remove from
 an existing access privilege set entry or create in a new one:

 column-privs=

 ---+-+-+-> UPDATE -----+-+--+-->
    | | +-> REFERENCES -+ |  |
    | +------- , <--------+  |
    +---+-> ALL PRIVILEGES -++
        +-> ENTRY ----------+

 To revoke all privileges on the column, specify the ALL keyword
 instead of a set of privileges.  To delete an ACL entry
 altogether, specify the ENTRY keyword.

ENTRY

 REVOKE ENTRY deletes the entire entry in the ACL, including the
 identifier.

identifier

 Specifies the identifiers for the ACL entry to be modified or
 deleted.

 identifier =

 --+-+-> uic-identifier -----+-+->
   | +-> general-identifier -+ |
   | +-> system-identifier  -+ |
   +------------ + <-----------+

 The identifiers are standard VMS identifiers.  There are three
 types:  UIC identifiers, general identifiers, and system-defined
 identifiers.

 Specifying PUBLIC is equivalent to using the UIC identifier
 [*,*].  You can specify more than one identifier by combining
 them with plus signs (+).  Such identifiers are called multiple
 identifiers.  They identify only users who are common to all the
 groups defined by the individual identifiers.  Users who do not
 match all the identifiers are not controlled by that entry.

AFTER

 Specifies the position of the entry within the ACL to be
 modified or deleted.  If you omit the AFTER argument, SQL
 searches the entire ACL for an identifier list that matches the
 one specified in the FROM clause of the REVOKE statement.  If it
 finds a match, it modifies the ACL entry by deleting the
 privileges specified in the privilege list.  If there is no
 match, SQL generates an error and the REVOKE statement has no
 effect on the ACL.

 In the AFTER argument, the identifier specifies the entry in the
 ACL after which SQL begins its search for the entry to be
 modified or deleted.  If none of the entries in the ACL has an
 identifier that matches the identifier specified in the AFTER
 argument, SQL generates an error and the statement fails.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 Starting after the entry specified by the identifier in the
 AFTER argument, SQL searches entries in the ACL.  If an entry
 has an identifier that matches the identifier specified by the
 FROM clause of the REVOKE statement, SQL modifies or deletes
 that ACL entry.

 If none of the entries has an identifier that matches the
 identifier specified by the FROM clause of the REVOKE statement,
 SQL generates an error and the statement fails (even if an entry
 before the position at which SQL began its search had an
 identifier that matched).

 Specifying PUBLIC in the AFTER clause is the same as specifying
 the UIC identifier [*,*].

 At the column level, you can only revoke a column privilege that
 has been explicitly granted for a column.

POSITION

 Specifies the position of the entry within the ACL to be
 modified or deleted.  If you omit the POSITION argument, SQL
 searches the entire ACL for an identifier list that matches the
 one specified in the FROM clause of the REVOKE statement.  If it
 finds a match, it modifies the ACL entry by deleting the
 privileges specified in the privilege list.  If there is no
 match, SQL generates an error and the REVOKE statement has no
 effect on the ACL.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 In the POSITION argument, the integer specifies the earliest
 relative position in the ACL of the entry to be modified or
 deleted.  If the integer is larger than the number of entries in
 the ACL, SQL generates an error and the statement fails.
 Starting with the position specified by the POSITION argument,
 SQL searches entries in the ACL.  If an entry has an identifier
 that matches the identifier specified by the FROM clause of the
 REVOKE statement, SQL modifies or deletes that ACL entry.

 Select More_Information to continue.

Additional information available:

More Information

More Information

 If none of the entries has an identifier that matches the
 identifier specified by the FROM clause of the REVOKE statement,
 SQL generates an error and the statement fails (even if an entry
 before the position at which SQL began its search had an
 identifier that matched).

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026