Using Roles to Grant Privileges

From InterBase
Jump to: navigation, search

Go Up to Planning Security

In InterBase, you can assign privileges through the use of roles. Acquiring privileges through a role is a four-step process.

1. Create a role using the CREATE ROLE statement.
CREATE ROLE rolename;
2. Assign one or more privileges to that role using GRANT.
GRANT privilegelist ON tablename TO rolename;
3. Use the GRANT statement once again to grant the role to one or more users.
GRANT rolename TO userlist;
The role can be granted WITH ADMIN OPTION, which allows users to grant the role to others, just as the WITH GRANT OPTION allows users to grant privileges to others.
4. At connection time, specify the role whose privileges you want to acquire for that connection.
CONNECT 'database' USER 'username' PASSWORD 'password' ROLE 'rolename';

Use REVOKE to remove privileges that have been granted to a role or to remove roles that have been granted to users.

See the Language Reference Guide for more information on CONNECT, CREATE ROLE, GRANT, and REVOKE.