Granting Privileges to Multiple Users

From InterBase
Jump to: navigation, search

Go Up to Multiple Privileges and Multiple Grantees

There are a number of techniques available for granting privileges to multiple users. You can grant the privileges to a list of users, to a UNIX group, or to all users (PUBLIC). In addition, you can assign privileges to a role, which you then assign to a user list, a UNIX group, or to PUBLIC.


Granting Privileges to a List of Users

To assign the same access privileges to a number of users at the same time, provide a comma-separated list of users in place of the single user name. For example, the following statement gives INSERT and UPDATE privileges for the DEPARTMENTS table to users FRANCIS, BEATRICE, and HELGA:

GRANT INSERT, UPDATE ON DEPARTMENTS TO FRANCIS, BEATRICE, HELGA;


Granting Privileges to a UNIX Group

OS-level account names are implicit in InterBase security on UNIX. A client running as a UNIX user adopts that user identity in the database, even if the account is not defined in the InterBase security database. Now OS-level groups share this behavior, and database administrators can assign SQL privileges to UNIX groups through SQL GRANT /REVOKE statements. This allows any OS-level account that is a member of the group to inherit the privileges that have been given to the group. For example:

GRANT UPDATE ON table1 TO GROUP group_name;

where group_name is a UNIX-level group defined in /etc/group.

Note: Integration of UNIX groups with database security is not a SQL standard feature.


Granting Privileges to All Users

To assign the same access privileges for a table to all users, use the PUBLIC keyword rather than listing users individually in the GRANT statement.

The following statement grants SELECT, INSERT, and UPDATE privileges on the DEPARTMENTS table to all users:

GRANT SELECT, INSERT, UPDATE ON DEPARTMENTS TO PUBLIC;
Important: PUBLIC grants privileges only to users, not to stored procedures, triggers, roles, or views. Privileges granted to users with PUBLIC can only be revoked from PUBLIC.


Advance To: