602SQL Documentation Index  

Checking Privileges when Executing SQL Statements

SQL statements that insert, delete, or update data in records, check the appropriate privileges. If the connected user does not have sufficient privileges, the NO_RIGHTS error occurs and the statement is not executed.

When inserting a record, the global privilege to insert records into a table is checked. When deleting or updating, the user must have the global privilege to delete/update records (on the respective columns) or have the privilege to the record it is working with.

When creating, deleting or modifying objects in a schema (tables, trigger, stored procedures, etc.) the system tables privileges and object privileges are checked.

Privileges Required for a Query

The user must have the privilege to read all columns that are used in the conditions for selecting records (WHERE, HAVING clauses), otherwise the user could read values in columns that are not allowed.

Depending on the compatibility attribute SQLOPT_GLOBAL_REF_RIGHTS setting, the 602SQL Server requires one of the following:

Checking record privileges is slower than checking a value. Therefore, it is not recommended to use the second method for selecting records according to privilege settings of a large set.

Privileges Required to Read a Query

Reading a value from a result set requires the read privilege. If the user does not have this privilege, depending on the compatibility attribute SQLOPT_RD_PRIVIL_VIOL setting, one of the following will happen: