DEFINE PERMIT--Add Table Permissions
Valid in: QUEL, EQUEL
Adds permissions to a table.
This statement has the following format:
[##] define permit oplist on | of | to range_var
[(columnname {, columnname})] to user_name | all [at term]
[from time to time] [on day1 to day2] [where qual]
The define permit statement adds permissions to the table specified by range_var. The following lists the define permit statement parameters:
oplist
Specifies a comma-separated list of any of the following operations: retrieve, replace, delete, append, or all
user_name
Specifies the login name of a user or the word all (meaning all users)
term
Must be one of the following: a two-character generic device name, such as tt, rt, tx or op, a three-character device name, such as tta or ttb, or a four-character terminal identifier, such as tta1 or ttb4. All terminal names that match the specified term names are given the permissions. Omitting this phrase is equivalent to specifying all.
time
Must be specified in hh:mm format, using the twenty-four hour clock. Time specifies the times of the day during which this permission applies. At other times, the permission is not granted.
days
Must be three-character abbreviations for days of the week (mon, tue, wed, thu, fri, sat, sun).
The DBMS Server appends the where clause to the specified type of query (append, retrieve, replace, or delete) when the query is executed by the specified user. To append, replace, and delete columns using a where clause, a user must have retrieve permission for the columns. Do not specify column names in a define permit for the delete statement (because you delete rows, not columns).
When you define permissions, the DBMS Server "ands" the separate parts of a single define permit statement and "ors" separate define permit statements. For example, if you issue the following define permit statement:
define permit replace on e to eric at tta4 [...]
the permit applies only to "eric" when logged in on "tta4", but if you issue two define permit statements:
define permit replace of e to eric at tta4 [...]
define permit retrieve of e to all at all [...]
When "eric" logs in at "tta4", his login is affected by the union of the permissions specified by the two statements. That is, "eric" can both retrieve and update data from the "employee" table. If "eric" logs in at "ttb2", he is granted only the permissions specified in the second define permit statement: he can only retrieve rows from the employee table. If another user logs in on "tta4" or any other terminal, he or she is granted only the permissions specified in the second define permit statement.
You must be the DBA to issue the define permit statement. The database administrator (DBA) is typically responsible for maintaining database security using permissions. Permissions cannot be granted to users on a table that is not owned by the DBA.
Permissions cannot be defined on views, although the DBMS Server honors permissions defined on the base tables on which the view is based.
Last modified date: 08/14/2024