Examples

SQL Tutorial, Database Users and Their Privileges, Roles

Explanation

The privileges in the privilege specification (priv_spec or schema_priv_spec) are granted to the database users, user groups and roles specified in the grantee list.

<grantee>

The owner of an object for which privileges are granted is not allowed to be contained in the grantee list. A database user in the grantee list must not denote a member of a user group.

<role_name>

If a role is granted to a database user or user group, it extends the set of roles which can be activated for this database user or user group. The database user activates the role either with the SET statement or by including the role in the set of roles automatically activated when a session was opened with the ALTER USER statement or ALTER USERGROUP statement.

A cycle may not be created when a role is assigned to a role, meaning:

PUBLIC

The listed privileges are granted to all database users, both to current ones and to any created later.

A role cannot be assigned to PUBLIC.

WITH GRANT OPTION

Users or user groups identified as grantee are allowed to pass on their privileges to other users. The current user must have the relevant authorization to pass on these privileges.

The WITH GRANT OPTION cannot be specified if grantee identifies a role.

GRANT <schema_priv_spec>

GRANT CREATEIN ON is used to grant the user identified by grantee authorization to create database objects in the specified schema.

GRANT DROPIN ON is used to grant the user identified by grantee authorization to delete database objects in the specified schema.

GRANT EXECUTE ON

GRANT EXECUTE ON allows the user identified by grantee to execute the specified database procedure or database function. The current user must be the owner of the database procedure or database function.

GRANT SELECT ON

GRANT SELECT ON allows the user identified by grantee to use the specified sequence.