Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR

NCR Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR, 1998. - 315 p.
Download (direct link): inntroduktionteradata1998.pdf
Previous << 1 .. 47 48 49 50 51 52 < 53 > 54 55 56 57 58 59 .. 76 >> Next


The following table shows the four possible permissions you can allot using GRANT LOGON.

GRANT LOGON Statement Clause Description
ON ALL AS DEFAULT Most general form. Grants LOGON for all clients to all users.
ON clientid AS DEFAULT Grants LOGON for a particular client to all users.
ON ALL TO username Grants LOGON for all clients to a particular user.
ON clientid TO username Most specific form. Grants LOGON to a particular user on a particular client.

You can retract the privileges awarded by a GRANT LOGON statement by using the REVOKE LOGON statement.

The first level of access to the Teradata RDBMS is at the level of the user and the database. The concepts of user and database are described in Chapter 12, “System Administration,”and are not reviewed here.

This topic discusses explicit access rights as controlled by the GRANT and REVOKE statements. These statements award or remove from a user or group of users one or more privileges on a database, user, table, view, or macro.

You must be an owner of the object being controlled or must have GRANT/REVOKE privileges on it before you can submit GRANT or REVOKE statements.

If the object is a view or macro, then the owner must also have the GRANT privilege and any other applicable privileges on the object or objects referenced by the view or macro.

11-8

Introduction to the Teradata RDBMS for UNIX
Security and Integrity

Resource Access Control

You cannot grant more privileges on an object than you have yourself on that object.

Privileges are any of the following:

CHECKPOINT DROP DATABASE INSERT
CREATE DATABASE DROP MACRO MACRO
CREATE MACRO DROP TABLE REFERENCES
CREATE TABLE DROP USER RESTORE
CREATE USER DROP VIEW SELECT
CREATE VIEW DUMP TABLE
DATABASE EXECUTE UPDATE
DELETE INDEX USER
VIEW

When a user explicitly grants privileges to another user or database, certain rules determine whether, how, and on what object the requested privilege is implemented.

The following table lists these restrictions.

Privilege Database or User Table, View, Macro
CREATE DATABASE CREATE USER CREATE granted for the specified space. Not applicable.
CREATE MACRO CREATE TABLE CREATE VIEW CREATE granted for the object type for the specified space. Not applicable.
DROP DATABASE DROP USER DROP granted for the specified space. Not applicable
• DROP MACRO • DROP TABLE • DROP VIEW DROP granted for the object type for the specified space. DROP granted for the specified macro, table, or view.
• DATABASE • USER CREATE and DROP granted for the specified space. Not applicable.
• MACRO • VIEW • TABLE CREATE and DROP granted for the object type for the specified space. Not applicable.

Introduction to the Teradata RDBMS for UNIX

11-9
Security and Integrity

Resource Access Control

Privilege Database or User Table, View, Macro
• DELETE • INSERT • SELECT • UPDATE Privilege applies to all tables or views in the specified database. For the grantee to use the granted rights on a view, the owner of the view must have appropriate privileges on the underlying table or tables or view or views of the view. Privilege applies only to the specified table or view. The owner of the view must have appropriate privileges on the underlying table or tables or view or views of the view.
• EXECUTE Privilege applies to all macros in the specified database. For the grantee to use the privilege on a macro, the owner of the macro must also have appropriate privileges on the objects referenced by that macro. Privilege applies to the specified macro only. The owner of the macro must have the appropriate privileges on the objects referenced by the macro.
ALL All privileges granted except: • GRANT and MONITOR privileges • ABORT SESSION MONITOR RESOURCE • MONITOR SESSION • SET SESSION RATE • SET RESOURCE RATE Grants EXECUTE and DROP on a macro. Grants: • DROP • DELETE • INSERT • SELECT • UPDATE • RESTORE • DUMP on a data table.

Grants:

• DROP

• DELETE,

• INSERT

• SELECT

• UPDATE on a view.

Grants:

• INSERT

• DUMP

• RESTORE

• CHECKPOINT on a journal table.

11-10

Introduction to the Teradata RDBMS for UNIX
Security and Integrity

Resource Access Control

Privilege Database or User Table, View, Macro
GRANT Any privilege that the user has on the user or database or on any of the objects it contains may be granted to any other user. Any privilege that the user has on the table may be granted to any other user or database. Any privilege that the user has on a view or macro may be granted to another user or database only if the owner of the view or macro has appropriate rights on the objects referenced by the view or marco.
DUMP RESTORE Privilege applies to all tables in the specified database. Privilege applies to the named data table or journal table only.
CHECKPOINT Privilege applies to the journal table in the specified database. Privilege applies to the named journal table.

Previous << 1 .. 47 48 49 50 51 52 < 53 > 54 55 56 57 58 59 .. 76 >> Next