SQL/MX 2.x Reference Manual (H06.04+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

221

222

223

224

225

226

227

228

229

230

SQL/MX Statements

HP NonStop SQL/MX Reference Manual—540440-003

2-140

Considerations for GRANT

Authorization and Availability Requirements

To grant a privilege on an object, you must have both that privilege and the right to

grant that privilege. That is, the privilege must have been issued to you WITH GRANT

OPTION and not revoked. If you lack authority to grant one or more of the specific

privileges, the system returns a warning (and does perform the grant of any of the

specified privileges that you do have authority to grant). If you have none of the

specified privileges WITH GRANT OPTION, the system returns an error.

If the super ID user issues a GRANT statement using the BY authid-grantor

clause, the authid-grantor must hold the right to grant the specified privileges.

Security Considerations

NonStop SQL/MX translates each authorization ID you specify into a 32-bit integer

value, and then stores the number in the system metadata tables. The stored

identification number, not the characters of the authorization ID, is used to identify the

user who holds privileges on the specified objects.

Privileges on Views

Granting a privilege on a view does not grant that privilege to the corresponding

column of the underlying table.

Privileges on Stored Procedures

You can also manage security on a stored procedure by using the GRANT EXECUTE

and REVOKE EXECUTE statements. See GRANT EXECUTE Statement on

page 2-141 and REVOKE EXECUTE Statement on page 2-169.

Examples of GRANT

•

This example grants SELECT and DELETE privileges on a table, in addition to the

privilege of granting SELECT and DELETE privileges to others:

GRANT SELECT, DELETE ON TABLE sales.odetail

TO "sql.user1", "sql.user2" WITH GRANT OPTION;

•

This example grants UPDATE privileges on the named columns to PUBLIC:

GRANT UPDATE (start_date, ship_timestamp)

ON TABLE persnl.project TO PUBLIC;

•

This example includes the domain of the user. Because of the back-slash

character (\), you must use a delimited SQL identifier.

GRANT SELECT ON persnl.employee TO "DCS\sql.user1";