Granting Privileges to Multiple Users
Go Up to Multiple Privileges and Multiple Grantees
Contents
There are a number of techniques available for granting privileges to multiple users. You can grant the privileges to a list of users, to a UNIX group, or to all users (PUBLIC
). In addition, you can assign privileges to a role, which you then assign to a user list, a UNIX group, or to PUBLIC
.
Granting Privileges to a List of Users
To assign the same access privileges to a number of users at the same time, provide a comma-separated list of users in place of the single user name. For example, the following statement gives INSERT
and UPDATE
privileges for the DEPARTMENTS
table to users FRANCIS
, BEATRICE
, and HELGA
:
GRANT INSERT, UPDATE ON DEPARTMENTS TO FRANCIS, BEATRICE, HELGA;
Granting Privileges to a UNIX Group
OS-level account names are implicit in InterBase security on UNIX. A client running as a UNIX user adopts that user identity in the database, even if the account is not defined in the InterBase security database. Now OS-level groups share this behavior, and database administrators can assign SQL privileges to UNIX groups through SQL GRANT
/REVOKE
statements. This allows any OS-level account that is a member of the group to inherit the privileges that have been given to the group. For example:
GRANT UPDATE ON table1 TO GROUP group_name;
where group_name is a UNIX-level group defined in /etc/group.
Integration of UNIX groups with database security is not a SQL standard feature.
Granting Privileges to All Users
To assign the same access privileges for a table to all users, use the PUBLIC
keyword rather than listing users individually in the GRANT
statement.
The following statement grants SELECT
, INSERT
, and UPDATE
privileges on the DEPARTMENTS
table to all users:
GRANT SELECT, INSERT, UPDATE ON DEPARTMENTS TO PUBLIC;
PUBLIC
grants privileges only to users, not to stored procedures, triggers, roles, or views. Privileges granted to users with PUBLIC
can only be revoked from PUBLIC
.