602SQL Documentation Index  

Database Objects Privileges

Application objects are table definitions, queries definitions, transfer source texts and others. A privilege subject can gain these privileges to database objects:

  1. the privilege to use (select) an object (e.g. open a query, start a transfer);
  2. the privilege to overwrite (update) an object (e.g. redefine a table, change a transfer design);
  3. the privilege to delete an object;
  4. the privilege to grant its privileges to another users.

The privilege to create objects (insert records to system tables) is set separately - see System tables privileges.

The privilege to change (modify) an object won't apply if the subject isn't granted the privilege to use (i.e. read the definition) of the object.

Setting Object Privileges Interactively

Privileges for object or set of objects can be specified in the dialog window that appears after the Object privileges action from the popup menu of the selected objects.

In the upper part of the window you can select the privilege subject and control (or change, if you're an administrator) the setting of users into groups (or users and groups into roles) with the buttons. These buttons change their label according to the selected subject. In the lower part you can view and change (buttons Grant and Revoke) the privilege setting of the selected subject to the selected application object.

The Granted column displays, what privileges the subject has. If you have the privilege to grant privileges to this object, you can change them. The Effective column displays (without editing possibility), what object privileges really belong to the selected subjects - including privileges granted by being a member of a group or a role.

If you wish to set privileges for table contents (i.e. data privileges), use the Data privileges action. Removing the privilege to use a table applies only partially in the client interface - the table may always be opened (the table contents in the grid are set by data privileges), but you can't read its definition(in the Output window or by duplicating the object).

The privilege to use a domain or sequence type object is not checked "inside" 602SQL - in table definitions, in procedures etc.

Manipulating Object Privileges in a Program

There are methods GetObjPrivils a SetObjPrivils in the CDK interface in the TSQL602Connection class. You can't manipulate object privileges directly from SQL except for one exception - setting up the privilege to execute stored procedures using the GRANT command.