ALLBASE/SQL Reference Manual (36216-90216)

Chapter 2
Using ALLBASE/SQL
Controlling Database Access
grantee is a group. The following statement grants UPDATE authority to Amanda, who can
then grant that authority to individual users or a class:
GRANT UPDATE ON Marketing.Forecast TO AMANDA@DBMS WITH GRANT OPTION;
Users with a grantable privilege can only revoke privileges they have granted and chains
they have caused. To revoke the privilege given to the grantee and any subsequent
grantees in a chain, the grantor must use the CASCADE option of the REVOKE statement.
Owners can revoke any privilege on their object, but to revoke a privilege that has been
given to subsequent grantees, the CASCADE option must be used. The DBA does not have to
use the CASCADE option to revoke a grantable privilege from a user. However, if CASCADE is
not used, that privilege is removed from the specified grantee only, not from the
subsequent chain of grants, and an orphaned privilege is created. An orphaned privilege
can be given a parent by the DBA with the BY clause of the GRANT statement. For more
information on orphaned privileges, refer to “Using the WITH GRANT OPTION Clause” in
the chapter “Database Creation and Security” in the ALLBASE/SQL Database
Administration Guide.
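The revocation rules above can be traced with a small model of a grant chain. This is an added example, not ALLBASE/SQL code or anything from the manual: the class and method names are hypothetical, BOB@DBMS is a constructed user, and the model assumes one grantor per grantee and that a non-DBA revoke without CASCADE is rejected when subsequent grantees exist.

```python
class GrantChains:  # toy model: one privilege on one object, one grantor per grantee
    def __init__(self, owner):
        self.owner = owner
        self.grantor_of = {}    # grantee -> grantor, None = orphaned
        self.grantable = set()  # holders of WITH GRANT OPTION

    def grant(self, grantor, grantee, with_grant_option=False):
        if grantor != self.owner and grantor not in self.grantable:
            raise PermissionError(f"{grantor} holds no grantable privilege")
        self.grantor_of[grantee] = grantor
        if with_grant_option:
            self.grantable.add(grantee)

    def chain(self, user, seen=None):  # every grantee whose privilege descends from user
        seen = set() if seen is None else seen
        for grantee, grantor in self.grantor_of.items():
            if grantor == user and grantee not in seen:
                seen.add(grantee)
                self.chain(grantee, seen)
        return sorted(seen)

    def revoke(self, revoker, grantee, cascade=False, is_dba=False):
        downstream = self.chain(grantee)
        if not is_dba:
            if revoker != self.owner and grantee not in self.chain(revoker):
                raise PermissionError("grantee is not in a chain this grantor caused")
            if downstream and not cascade:  # assumption: the statement is rejected
                raise PermissionError("subsequent grantees exist, CASCADE required")
        for user in [grantee] + (downstream if cascade else []):
            self.grantor_of.pop(user, None)
            self.grantable.discard(user)
        for user in downstream:  # rows remain only after a DBA revoke without CASCADE
            if self.grantor_of.get(user) == grantee:
                self.grantor_of[user] = None  # direct grantee is now orphaned

    def orphans(self):
        return sorted(g for g, p in self.grantor_of.items() if p is None)

    def reparent(self, orphan, new_grantor):  # models the DBA's GRANT ... BY
        if orphan not in self.orphans():
            raise ValueError(f"{orphan} holds no orphaned privilege")
        self.grant(new_grantor, orphan, orphan in self.grantable)

def demo():  # the page's grant to AMANDA, extended by one constructed user
    t = GrantChains(owner="Marketing")
    t.grant("Marketing", "AMANDA@DBMS", with_grant_option=True)
    t.grant("AMANDA@DBMS", "BOB@DBMS", with_grant_option=True)
    t.revoke("DBA", "AMANDA@DBMS", is_dba=True)  # DBA revoke without CASCADE
    return t
```

After demo() runs, orphans() lists BOB@DBMS, whose privilege still works although its grantor no longer holds it; listing such rows after every DBA revoke is the audit step this model suggests.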
Ownership
The following six objects have owners associated with them:
Tables
Views
Authorization groups
Modules
Procedures
Rules
These objects can be owned by an individual, an authorization group, or a class; but an
object can have only one owner at a time.
An owner becomes associated with an object in one of several ways:
When an individual creates one of the five objects, that individual becomes its owner.
The owner name is derived from the individual's login name. To create a table or group,
you need DBA or RESOURCE authority. To create a module, you need DBA or CONNECT
authority. To create a view, you need DBA, SELECT, or OWNER authority for the tables
and views it is based on.
A DBA or the owner of an object can transfer ownership of the object to another
individual, a group, or a class by using the TRANSFER OWNERSHIP statement. The
ownership of modules cannot be transferred. WOLFGANG@DBMS can transfer
ownership of his Composers table to Wendy as follows:
TRANSFER OWNERSHIP OF TABLE Composers TO WENDY@ROBERTS
A DBA can create any of these objects and name the owner in the statement that
creates the object. Other users can name any group as owner when creating an object if
they are a member of that group. With the following statements, a DBA creates a group
called Managers; a DBA or a member of Managers can assign ownership of the table