Try OpenEdge Now
skip to main content
SQL Development
Data Control Language and Security : Granting privileges : GRANT statement : Database-wide privileges
 
Database-wide privileges
Database-wide privileges grant the user DBA, RESOURCE, AUDIT_ADMIN, AUDIT_ARCHIVE, or AUDIT_INSERT privileges. Users with DBA privileges have the ability to access, modify, or delete a database object and to grant privileges to other users. RESOURCE privileges allow a user to create database objects. Users with AUDIT_ADMIN privileges can read the data from audit tables in audit-enabled databases. Users with AUDIT_ARCHIVE privileges can read, archive, and delete audit data. Users with AUDIT_INSERT privileges can insert application audit events into audit tables. For general information about implementing auditing, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
Syntax
The GRANT statement syntax for granting RESOURCE or DBA privileges is:
GRANT { RESOURCE, DBA, AUDIT_ADMIN, AUDIT_ARCHIVE, AUDIT_INSERT }
    TO user_identifier[ , user_identifier] , ...
    [ WITH GRANT OPTION ];
user_identifier
Identifies a username. For a tenant user, you must mention the fully qualified user name, username@domain_name, to grant access to a user.
username | username@domain_name
Note: By employing the WITH GRANT OPTION clause, you enable a user to grant the same privilege he or she has been granted to others. This clause should be used carefully due to its ability to affect database security. Example
Examples: GRANT RESOURCE statement
The following example demonstrates the use of the GRANT RESOURCE statement.
GRANT RESOURCE TO 'GSP';
In this case, GSP is granted the privilege to issue CREATE statements, and can therefore add objects, such as tables, to the database.
The following example demonstrates how a DBA grants DELETE and SELECT privileges to the user dbuser1 associated with domuser1 of a multi-tenant table:
GRANT DELETE ON cust_view TO dbuser1@domuser1 ;
GRANT SELECT ON newcustomers TO dbuser2@domuser1 ;
The user dbuser1, dbuser2 must be associated with the domain name domuser1 in the multi-tenant table.