602SQL Documentation Index  

Privileges Concerning Data in Database Tables

These (global) privileges can be assigned to data in a certain table:

  1. the privilege to read (select) values of some or all columns;
  2. the privilege to overwrite (update) values of some or all columns;
  3. the privilege to insert new records;
  4. the privilege to delete records;
  5. the privilege to grant one's own privileges to other users.

In addition, similar privileges can be assigned to individual table records, if this is enabled for the table (the exception is inserting records).

The privileges to create tables (insert records in the system table TABTAB), create objects (insert records in the system table OBJTAB) and create users (insert records in the system table USERTAB) are assigned differently - see System tables privileges.

The privileges to manipulate objects (run a query, delete a procedure, etc.) are described in another chapter - see Objects privileges.

Setting Data Privileges Interactively

If you select a table (or several tables) in the control panel, the Data privileges action opens a dialog for specifying access privileges to the contents of this table (or tables). Only the global privileges, valid for all records of the table, can be set in this dialog. In the upper part of the window you can specify the subject of the privilege. The buttons there change their text according to the selected subject; with them you can view (and an administrator may change) the relations between the selected subject and other subjects. In the lower part of the dialog you can view and, if necessary, change the subject's privileges for this table.

The first column, Privilege, lists the privileges that can be defined for the selected table (or set of tables). The list begins with the privileges that concern each record as a whole - Inserting records, Deleting records and Granting privileges. Below these, for each column of the table, there is a pair of entries, Reading column <name> and Updating column <name>, that let you specify the privileges for reading and updating (modifying) that column. You can also select multiple lines and set the privileges for multiple entries simultaneously. If you regularly change privileges for all columns at once (e.g. remove the privilege to update all columns, or grant the privilege to read all columns), there are two buttons at the bottom of the dialog - Select all read and Select all write - that mark the corresponding non-contiguous set of rows in the grid, so that you can make the change with a single click.

A privilege for the selected rows is granted by clicking the Grant button and removed by clicking the Revoke button. A granted privilege is shown in the second column, Granted.

The third column, Effective, shows (read-only) which table privileges the subject actually holds: in addition to the privileges granted to the subject directly, it includes the privileges gained through membership in a group or a role.
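
The difference between the Granted and Effective columns matters when auditing access: revoking a privilege from a subject does not remove it if a group or role still supplies it. The following is an added example, not 602SQL code or its API, that models both columns and reports where each effective privilege comes from. The Subject class, the privilege tuples and the sample subjects are constructed for illustration, and nested membership is handled as an assumption the page does not confirm.

```python
# Added example: models the Granted and Effective columns of the dialog.
# Subject, the privilege tuples and the sample data are constructed for
# illustration; this is not 602SQL's API.
from dataclasses import dataclass, field

@dataclass
class Subject:
    name: str
    granted: set = field(default_factory=set)      # the "Granted" column
    member_of: list = field(default_factory=list)  # groups and roles

def sources(subject, _seen=None):
    """Map each effective privilege to the names of the subjects granting it."""
    seen = _seen if _seen is not None else set()
    if subject.name in seen:          # guard against cyclic membership
        return {}
    seen.add(subject.name)
    result = {priv: {subject.name} for priv in subject.granted}
    for parent in subject.member_of:
        for priv, names in sources(parent, seen).items():
            result.setdefault(priv, set()).update(names)
    return result

def effective(subject):
    """The "Effective" column: granted plus inherited privileges."""
    return set(sources(subject))

def survives_revoke(subject, priv):
    """True if revoking priv from the subject itself leaves it effective."""
    return bool(sources(subject).get(priv, set()) - {subject.name})

# Constructed sample: privileges on one table with columns name and salary.
# Record-level privileges carry no column; read/update name a column.
staff = Subject("STAFF", {("read", "name")})
payroll = Subject("PAYROLL", {("read", "salary"), ("update", "salary")})
alice = Subject("alice", {("insert", None), ("read", "salary")}, [staff, payroll])

if __name__ == "__main__":
    for priv, names in sorted(sources(alice).items(), key=str):
        print(priv, "from", sorted(names))
```

In the sample, revoking the read privilege on salary from alice leaves it effective through PAYROLL, while revoking the insert privilege removes it entirely.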

Manipulating Data Privileges in a Program

Privileges can be set and read using the SQL language methods described here.