How Grants Restrict Data Access
Grants allow for data access to be restricted in the following ways:
• Operational restrictions (for example, Select, Insert, Update and Delete permissions applied to some or all of the columns of a table)
• Data value restrictions (data restrictions), which are implemented through views.
• Resource restrictions, which are permissions defined for the database as a whole, rather than individual tables or columns.
In a session where permissions are in effect, when you issue a query (for example, from an application or the SQL Scratchpad window in VDBA ) the query is passed to the DBMS Server. Vector then evaluates the grants on the tables involved in the query. If an operation does not pass an operational restriction, an error message is returned.
If an operation does not pass a data restriction, it means that views are being used and grants have been placed on the views, but the user authorization does not pass the grants on the data. In this case no error is returned, but the number of rows returned is affected. For example, if Mary is accessing a view that returns rows only from the Shoe department, then if she asks for information from the Toy department, no rows are returned.