User Guide : 12. Managing Permissions and Viewing Properties : Permissions Dialog
 
Share this page                  
Permissions Dialog
You can set permissions for the objects listed in Object Types with Permissions using the Permissions dialog. This dialog contains the General page.
General Page
The General page lets you specify the following options. What options are displayed depends on which type of object is selected in the Instance Explorer.
Grantees
Add and select grantees for the object from users, roles, groups, or the public
Permissions
Specify the permissions for the authorized grantees (all permissions, or explicit permissions). Explicit permissions and their options depend on the type of object selected.
Each permission has a corresponding preventing permission to specifically disallow the permission. For example, to prevent access to the database, you would select No Option (also called no access).
Access
Enables the specified grantees to connect to the specified database. By default, all authorization identifiers can connect to all public databases. Private databases, however, can be accessed only by users who are explicitly granted permission to access them. Access permission to a private database can be granted in any of the following ways:
Using a database grant
Selecting the database under access to non-granted databases on the Access page of the User dialog (see Access Page (User))
Connect Time Limit
Lets you specify the maximum time (in seconds) that a session can consume. By default, there is no connect time limit.
Copy Into
(Tables only) Enables grantees to copy the contents of the table to a data file, for example, using the INTO clause of the COPY statement
Copy From
(Tables only) Enables grantees to copy the contents of a file to the table, for example, using the FROM clause of the COPY statement
Create Procedure
Enables the specified grantees to create database procedures in the specified database. By default, all.
Create Sequence
Allows users to create, alter, and drop sequences in the specified database. By default, users can create, alter, and drop sequences.
Create Table
Enables the specified grantees to create tables in the specified database. By default, all authorization identifiers can create tables.
DB Admin
Gives the specified grantees unlimited database permissions for the specified database and the ability to impersonate another user. By default, the permission is granted to the DBA (owner) of the database and to any user with the security permission, such as the Ingres system administrator. For all other users, the default is to disallow unlimited database permissions.
Delete
(Tables and views only) Enables grantees to delete rows from the table or view, for example, using a DELETE statement
Execute
(Procedures only) Allows the grantees to execute the procedure
Idle Time Limit
Specifies the maximum time that a session can take between issuing statements. By default, there is no idle time limit.
Insert
(Tables and views only) Enables grantees to add rows to the table or view, for example, using an INSERT statement
Lockmode
Enables the specified grantees to issue the SET LOCKMODE statement. By default, all authorization identifiers can issue the SET LOCKMODE statement.
Next
(Sequences only) Enables grantees Next permissions on sequences
Query Cost Limit
Specifies the maximum cost per query on the specified database, in terms of disk I/O and CPU usage. By default, authorization identifiers are allowed an unlimited cost per query.
Query CPU Limit
Specifies the maximum CPU usage per query on the specified database. By default, authorization identifiers are allowed unlimited CPU usage per query.
Query IO Limit
Lets you specify the maximum number of I/O requests per query on the specified database. By default, authorization identifiers are allowed an unlimited number of I/O requests.
Query Page Limit
Lets you specify the maximum number of pages per query on the database. By default, all authorization identifiers are allowed an unlimited number of pages per query.
Query Row Limit
Lets you specify the maximum number of rows returned per query on the specified database. By default, authorization identifiers are allowed an unlimited number of rows per query.
Raise
(Events only) Allows grantees to raise the database event (using the RAISE DBEVENT statement)
References
(Tables only) Enables grantees to create tables that reference the table. A references grant can apply to all columns in the table, or only to a specific column.
If a user is not the owner and does not have the references permission on a table, that user cannot create a referential constraint that references the table.
Register
(Events only) Allows grantees to register to receive the database event (using the REGISTER DBEVENT statement)
Select
(Tables and views only) Enables grantees to select rows from the table or view, for example, using a SELECT statement or a WHERE clause
Select System Catalogs
Allows a session to query system catalogs to determine schema information. By default, sessions are allowed to query the system catalogs.
Session Priority
Determines whether a session is allowed to change its priority, and if so what its initial and highest priority can be. By default, a session cannot change its priority.
Table Statistics
Allows users to view and create database tables statistics. By default, authorization identifiers can view and create table statistics.
Update
(Tables and views only) Enables grantees to change existing rows in the table or view, for example, using an UPDATE statement. An update grant can apply to all columns in the table or view, or only to specific columns.
Update System Catalogs
Allows the specified grantees to update system catalogs. By default, authorization identifiers are not allowed to update system catalogs.
Revoke Policy
Lets you specify a revoke policy:
Default
Specifies that the default permissions are applied to the grantees selected
Restrict
Specifies that the permissions selected are not revoked if there are any dependent rights for the database permission
Cascade
Specifies that the dependent permissions are to be revoked (if rights were previously granted with Granted option selected)