Defining Privileges
Privileges control the operations which users are allowed to perform in the database. Well-structured privileges are essential for maintaining data security.
There are three types of privileges:
- System privileges, which give the right to create global objects within the database.
- Object privileges, which give rights over certain specified objects in the database.
- Access privileges, which give rights of access to the data in a specified table or view.
System privileges are granted to the system administrator upon installation, and may be passed on to other idents. Object and access privileges are initially granted only to the creator of an object. The creator may, however, pass the privileges on to other idents.
Granting and Revoking Privileges
Privileges are granted to idents with the GRANT statement and revoked from idents with the REVOKE statement.
All privileges may be granted with the `with grant option', which means that the receiver of the privilege in turn has the right to grant that privilege to other idents.
The creator of an object is automatically granted full privileges on that object with grant option. Thus the creator of:
- a group is automatically a member of that group
- a program ident may enter it
- a table has full access privileges
- a schema may create objects in it and drop them, etc.
When privileges that were granted with the `with grant option' are revoked, the right to grant those privileges to other idents is also revoked.
The `with grant option' can be revoked separately without revoking the privilege itself.
Idents may only grant privileges that they themselves possess to other idents, that is, idents cannot grant privileges to themselves.
Likewise, privileges may only be revoked by the grantor - idents cannot revoke privileges from themselves.
Certain operations are not controlled by explicit privileges, but may only be performed by the creator of the object involved. These operations include ALTER (with the exception of ALTER IDENT, which may be performed by either the ident himself or by the creator of the ident), DROP, and COMMENT.
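The grant and revoke rules above, walked through as an added example (not taken from the original documentation) using standard SQL GRANT and REVOKE syntax. The idents PAYROLL, AUDITOR, CLERK and INTERN, the schema payroll and the table salaries are hypothetical, and the idents are assumed to exist already.

```sql
-- Added example: all ident, schema and table names are hypothetical.
-- Assumes PAYROLL owns a schema named payroll.

-- Connected as PAYROLL. As creator of the table, PAYROLL automatically
-- holds full access privileges on it, with grant option.
CREATE TABLE payroll.salaries (
    emp_id INTEGER PRIMARY KEY,
    amount DECIMAL(10,2) NOT NULL
);

-- AUDITOR may read the table and may pass SELECT on to others.
-- CLERK may read the table but receives no right to delegate.
GRANT SELECT ON payroll.salaries TO auditor WITH GRANT OPTION;
GRANT SELECT ON payroll.salaries TO clerk;

-- Connected as CLERK. Rejected: CLERK holds SELECT without grant option,
-- so it has no right to grant that privilege to another ident.
GRANT SELECT ON payroll.salaries TO intern;

-- Connected as CLERK. Rejected: only the grantor (PAYROLL) may revoke,
-- and an ident cannot revoke a privilege from itself.
REVOKE SELECT ON payroll.salaries FROM clerk;

-- Connected as PAYROLL. Withdraw only the right to delegate:
-- AUDITOR can still read the table but can no longer grant SELECT.
REVOKE GRANT OPTION FOR SELECT ON payroll.salaries FROM auditor;

-- Connected as PAYROLL. Withdraw the privileges themselves.
REVOKE SELECT ON payroll.salaries FROM auditor;
REVOKE SELECT ON payroll.salaries FROM clerk;
```

Separating the two REVOKE forms lets an administrator close a delegation path during an access review without interrupting the delegate's own read access.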
Mimer Information Technology AB Voice: +46 18 780 92 00 Fax: +46 18 780 92 40 info@mimer.se