Client - Server Communication and Network Protocols

602SQL Server

Tracing and Logging Server Operation

Privileges and Privilege Subjects

Each user has a certain set of privileges to each object and data in 602SQL that specify what is the user allowed to do. The effective privileges are a sum of direct user privileges and the privileges the user is granted by being a member of some user groups of roles in some application.

SQL server refuses to make an action the user is not allowed to do. This protection works for all types of database access - using both the standard interface program or application programs created by the user.

SQL server allows the privileges to be granted or revoked to a user. You can also specify whether the user may utilize the privilege only for him or whether he may grant (and revoke) it to other users. Authors and administrators may grant their privileges (all or just some part) to other subjects. You can't grant the privileges you don't have in 602SQL.

Privileges can be assigned to a user, a user group or a role. Members of these sets are called privilege subjects. A privilege is always assigned to a certain subject.

Users and user groups are defined on the server. Their existence is independent on applications - the same users and user groups are present in each application in a single database. On the other hand, roles are objects present only inside an application. Different roles can be defined in each applications and roles have no significance outside its application. User groups and roles offer a tool to grant privileges to users - when users are part of a group or a role they gain the privileges assigned to the group or role. A user group can also be assigned to a role: the all users who are members of the user group gain the privileges assigned to the role.

A user can therefore be granted privileges by two methods:

• either the privileges are granted directly to the user
• or the privileges are granted to the user for being a member of some group or role.

The privileges gained by the second method appear in so-called effective privileges. Effective privileges are the result privileges the subject is granted. It's wiser to use the second method, because it's easier to assign a user to a role than granting him hundreds different privileges.

List of topics:

• Users and User Management
• User Groups and Group Maintenance
• Roles and Application Privileges
• Export and Import of All Users
• Privileges Concerning Data in Tables
• Privileges Concerning Individual Table Records
• Database Objects Privileges
• Automatically Granted Privileges
• System Tables' Privileges
• Checking Privileges when Executing SQL Statements
• User Privileges when Executing Stored Procedures and Evaluating Queries
• Ways of Logging In

Client - Server Communication and Network Protocols

602SQL Server

Tracing and Logging Server Operation