Show TOC

Granting Object PermissionsLocate this document in the navigation structure

Object permissions are granted to users, groups, and roles to give them the right to perform operations on particular database objects. PowerDesigner allows you to define permissions on tables, views, columns, procedures, packages, and other objects depending on your DBMS.

Context

System privileges are used in association with object permissions (see Granting System Privileges) to evaluate the rights of a user, group, or role.

Note The owner of an object (see Assigning an Owner to an Object) automatically has permission to carry out any operation on that object. These permissions do not appear in the Permissions tab of the object property sheet but they are implemented during generation and reverse engineering.

Procedure

  1. Open the property sheet of a user, role, or group, and click the Permissions tab. A sub-tab is displayed for each type of object supporting permissions. The columns in the list on each tab show the permissions available for a given type of object in the current DBMS (for example, Select, Insert, Alter, Delete, Update, etc).

    The permissions available for each type of object are defined in the DBMS definition file. To review and edit the list of available permissions, select Start of the navigation path Database Next navigation step Edit Current DBMS End of the navigation path, select the item Start of the navigation path Script Next navigation step Objects Next navigation step <object_type> Next navigation step Permission End of the navigation path, and edit the list as appropriate. The syntax for inserting permissions in your scripts is defined in the Start of the navigation path Script Next navigation step Objects Next navigation step Permission End of the navigation path category. For more information, see Customizing and Extending PowerDesigner > DBMS Definition Files > Script/Objects Category.

    Note You can assign permissions for multiple users, groups, and roles to an object on the Permissions tab of its property sheet.
  2. Click the Add Objects tool to choose one or more objects of the present type, and click OK to add them to the list to assign permissions. If the user belongs to a group with permissions on the added objects, these permissions appear in red in the list.
  3. [optional] Click the Show All Inherited Permissions or Hide Inherited Permissions tool to show or hide permissions that have been inherited from a group. Inherited permissions are red, while permissions directly granted to the user are blue.
  4. [optional] To change the state of a permission (whether granted directly, or inherited from a group), click in the appropriate column to cycle through the available states, or click on the appropriate tools in the Permission state group box at the bottom of the tab:

    Permission

    Description

    Grant – Assigns the permission to the user.

    Inherited/None - Reverts the cell to the inherited state.

    Revoke – Revokes the permission inherited from a group or role for the current user or group.

    Grant with admin option - Assigns the permission to the user, and allows the recipient to pass on the permission to other users, groups, or roles.

    Revoke with cascade – Revokes the permission inherited from a group or role for the current user or group and revokes any permission granted by the user.



  5. [optional] For tables, you can specify permissions on individual columns (see Defining Column Permissions).
  6. When the permissions are correct, click OK to return to the model.