SQL/MX 3.1 Reference Manual (H06.23+, J06.12+)

SQL/MX Statements
HP NonStop SQL/MX Release 3.1 Reference Manual 663850-001
Considerations for GRANT
Authorization Requirements
Unless you are a Security Administrator or the Super ID, to grant a privilege on an
object, you must have both that privilege and the right to grant that privilege. That is,
the privilege must have been issued to you WITH GRANT OPTION and not revoked. If
you lack authority to grant one or more of the specified privileges, the system returns a
warning but still grants those of the specified privileges that you do have authority
to grant. If you have none of the specified privileges WITH GRANT OPTION,
the system returns an error.
If you are a Security Administrator, then you are exempt from the above restriction and
may grant a privilege without having the privilege. However, such grants may not be
made to PUBLIC, to a Security Administrator, or using WITH GRANT OPTION.
Security Administrators may hold a derived WITH GRANT OPTION (WGO) privilege, in
which case they may grant that privilege like any other user (including to PUBLIC and
using WITH GRANT OPTION). This latter type of grant is included in the hierarchy of
owner-derived grants.
If you are the Super ID, then your grant privileges depend on the Security
Administrator's Group. If the Security Administrator's Group is empty, then you may
grant any privilege on any object. Such grants behave like a GRANT BY authid-grantor
where the authid-grantor is the object owner.
If the Super ID is designated as a Security Administrator, then the Super ID has the
same privileges as any other Security Administrator plus the ability to execute GRANT
BY authid-grantor. If BY authid-grantor is omitted, then the implied grantor is
the Super ID instead of the object owner.
If the Security Administrator's Group is not empty and the Super ID is not designated
as a Security Administrator, the Super ID will have the same restrictions as any
ordinary user with respect to the GRANT statement.
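The authorization rules above can be written as a small decision model for reviewing who is able to grant what. This is an added example, not code from the manual or from SQL/MX. The Grantor class, the evaluate_grant function, the user names and the privilege sets are hypothetical, and two points are assumptions: a Security Administrator's disallowed grant is reported as "error", and the warning/error aggregation stated for ordinary users is applied to every grantor.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grantor:
    name: str
    wgo: frozenset = frozenset()  # privileges held WITH GRANT OPTION, not revoked
    is_sec_admin: bool = False    # member of the Security Administrator's Group
    is_super_id: bool = False

def evaluate_grant(grantor, requested, grantee_is_public=False,
                   grantee_is_sec_admin=False, with_grant_option=False,
                   sec_admin_group_empty=False):
    """Return (status, granted); status is 'ok', 'warning' or 'error'."""
    requested = set(requested)
    # Super ID with an empty Security Administrator's Group:
    # may grant any privilege on any object.
    if grantor.is_super_id and sec_admin_group_empty:
        return "ok", requested
    # Security Administrator exemption: the privilege need not be held, but
    # the grant may not target PUBLIC or a Security Administrator, nor use
    # WITH GRANT OPTION. A Super ID designated as Security Administrator
    # takes this path as well.
    exempt = (grantor.is_sec_admin and not grantee_is_public
              and not grantee_is_sec_admin and not with_grant_option)
    # Otherwise only privileges held WITH GRANT OPTION can be granted. This
    # covers ordinary users, a Security Administrator's derived WGO
    # privileges, and a Super ID that is not a Security Administrator while
    # the group is non-empty.
    granted = requested if exempt else requested & grantor.wgo
    if not granted:
        return "error", set()   # assumption for the Security Administrator case
    return ("ok" if granted == requested else "warning"), granted

if __name__ == "__main__":
    # Constructed sample grantors and requests, for illustration only.
    alice = Grantor("alice", wgo=frozenset({"SELECT", "INSERT"}))
    secadm = Grantor("secadm", is_sec_admin=True)
    print(evaluate_grant(alice, {"SELECT", "DELETE"}))   # partial grant
    print(evaluate_grant(alice, {"DELETE"}))             # nothing grantable
    print(evaluate_grant(secadm, {"UPDATE"}))            # exemption applies
    print(evaluate_grant(secadm, {"UPDATE"}, grantee_is_public=True))
```
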
Security Considerations
NonStop SQL/MX translates each authorization ID you specify into a 32-bit integer
value, and then stores the number in the system metadata tables. The stored
identification number, not the characters of the authorization ID, is used to identify the
user who holds privileges on the specified objects.
Privileges on Views
Granting a privilege on a view does not grant that privilege to the corresponding
column of the underlying table.