GRANT

Grants various privileges to the specified users of the database.

Grant database-wide privileges, such as system administration (DBA), general creation (RESOURCE), audit administration (AUDIT_ADMIN), audit archive (AUDIT_ARCHIVE), or audit insert (AUDIT_INSERT).

Grant various privileges on specific tables and views. Privilege definitions are stored in the system tables SYSDBAUTH, SYSTABAUTH, and SYSCOLAUTH for the database, tables, and columns, respectively.

Note: You must use separate commands to grant DBA or RESOURCE privileges with any of the AUDIT privileges. Using the same command to grant a user with DBA or RESOURCE privileges and any of the AUDIT privileges results in an error.

You must use the fully qualified username to grant privileges to tenant data in a multi-tenant table.

Syntax

GRANT { RESOURCE, DBA, AUDIT_ADMIN, AUDIT_ARCHIVE, AUDIT_INSERT }
TO user_identifier[ , user_identifier] , ...
[ WITH GRANT OPTION ];

Note: The GRANT DBA and GRANT RESOURCE statements do not support the WITH GRANT OPTION syntax.

Parameters

Allows the specified users to issue CREATE statements.

Allows the specified users to create, access, modify, or delete any database object, and to grant other users any privileges.

Grants the specified privileges on the table or view to the specified list of users.

Allows the specified users to grant their privileges or a subset of their privileges to other users. The WITH GRANT OPTION syntax is not supported by GRANT DBA and GRANT RESOURCE statements.

Syntax for granting privileges to specific tables and views

This is the syntax to grant privileges on specific tables and views:

GRANT {privilege[, privilege] , ...| ALL [ PRIVILEGES]}
ON table_name
TO {username[, username] , ...| PUBLIC }
[ WITH GRANT OPTION ] ;

Syntax for the privilege variable

This is the syntax for the privilege variable:

{ SELECT | INSERT | DELETE | INDEX
| UPDATE [ ( column , column , ... ) ]
| REFERENCES [ ( column , column , ... ) ]}

Syntax for assigning sequence privileges

Use the following syntax to assign sequence privileges:

GRANT [SELECT | UPDATE]
ON SEQUENCE schema.sequence
TO user_name[,user_name]...

Parameters

Allows specified user to read data from the sequence.

Allows specified user to modify data for the sequence.

Syntax to execute stored Java procedures

The following syntax is a variation on the GRANT statement that enables the user to execute stored Java procedures:

GRANT EXECUTE ON StoredJavaProcedureName()
TO {username[, username] , ...| PUBLIC }
[ WITH GRANT OPTION ] ;

Parameters

Allows the specified users to issue CREATE statements.

Allows the specified users to create, access, modify, or delete any database object, and to grant other users any privileges.

Identifies a username. For a tenant user, you must mention the fully qualified user name, username@domain_name, to grant access to a user.

Grants the specified privileges on the table or view to the specified list of users.

Allows the specified users to read data from the table or view.

Allows the specified users to add new rows to the table or view.

Allows the specified users to delete rows from the table or view.

Allows the specified users to create an index on the table or view.

Allows the specified users to modify existing rows in the table or view. If followed by a column list, the users can modify values only in the columns named.

Allows the specified users to refer to the table from other tables' constraint definitions. If followed by a column list, constraint definitions can refer only to the columns named.

For more detail on constraint definitions, see the Column constraints and Table constraints entries of this section.

Grants all privileges for the table or view including the ALTER privilege. The ALTER privilege gives the user the ability to ALTER TABLE statements for the given table.

Note: The ALTER privilege cannot currently be granted by itself.

Grants the ALTER privilege for the table or view. This privilege is granted as part of the ALL privilege and cannot be granted by itslef.

Grants the specified privileges on the table or view to any user with access to the system.

Allows the specified users to grant their privileges or a subset of their privileges to other users.

Examples

The following example illustrates the GRANT statement:

GRANT DELETE ON cust_view TO dbuser1 ;
GRANT SELECT ON newcustomers TO dbuser2 ;

If the username specified in a RESOURCE or DBA GRANT operation does not already exist, the GRANT statement creates a row in the SYSDBAUTH system table for the new username. This row is not deleted by a subsequent REVOKE operation.

Granting privileges to a user associated with a multi-tenant table

In the following example, a DBA grants DELETE and SELECT privileges to the user dbuser1 associated with domuser1 of a multi-tenant table:

GRANT DELETE ON cust_view TO dbuser1@domuser1 ;
GRANT SELECT ON newcustomers TO dbuser2@domuser1 ;

The user dbuser1, dbuser2 must be associated with the domain name domuser1 in the multi-tenant table.

For more information on SQL database user authentication and GRANT statement, see OpenEdge Getting Started: Identity Management.

Granting audit administration and audit archive privileges

In this example, audit administration and audit archive privileges are granted to bsmith:

GRANT AUDIT_ADMIN, AUDIT_ARCHIVE TO bsmith WITH GRANT OPTION;

Because these privileges are granted to bsmith WITH GRANT OPTION, bsmith may now grant these two privileges to other users.

In this example, the sequence generator grants user slsadmin the ability to modify the customer number sequence:

GRANT UPDATE
ON SEQUENCE pub.customer_sequence TO slsadmin;