Library > Products > Pervasive PSQL > Pervasive PSQL v9 SP2 (9.5) > SQL Engine Reference > SQL Syntax Reference > GRANT

PreviousSQL Engine Reference (v9 SP2 (9.5) revision 1) Next

GRANT

Chapter contents

The GRANT statement creates new user IDs and gives permissions to specific users in a secured database.

Syntax 

GRANT CREATETAB | CREATEVIEW | CREATESP TO 
public-or-user-or-group-name [ , user-or-group-name ]... 
GRANT LOGIN TO user-password [ , user-password ]... 
[ IN GROUP group-name ] 
GRANT table-privilege ON < * | [ TABLE ] table-name [ owner-name ]>
TO user-or-group-name [ , user-or-group-name ]...

GRANT table-privilege ON table-name TO user-or-group-name 

table-privilege ::=	 ALL 

|  ALTER [ ( column-name [ , column-name ]... ) ] 
|  DELETE 
|  INSERT [ ( column-name [ , column-name ]... ) ] 
|  REFERENCES [ ( column-name [ , column-name ]... ) ] 
|  SELECT [ ( column-name [ , column-name ]... ) ] 
|  UPDATE [ ( column-name [ , column-name ]... ) ] 


table-name ::= [database-name.]user-defined table name  
database-name ::= name of the database to which the table belongs 
user-password ::= user-name [:]password 
public-or-user-or-group-name ::= PUBLIC | user-or-group-name 
user-or-group-name ::= user-name | group-name 
user-name ::= user-defined-name 
owner-name ::= user-defined-name

Remarks

CREATETAB, CREATESP, CREATEVIEW, and LOGIN TO arguments are extensions to the core SQL grammar. You can use the GRANT statement to grant privileges for CREATE TABLE, CREATE VIEW, and CREATE PROCEDURE, and to create a user account with password as a member of an already created group.

The following table shows the syntax for a given action:

To GRANT Privileges For This Action
Use This Syntax With GRANT
CREATE TABLE
CREATETAB
CREATE VIEW
CREATEVIEW
CREATE PROCEDURE
CREATESP
LOGIN AS GROUP MEMBER
LOGIN TO

Users and Groups

Relational security is based on the existence of a default user named "Master" who has full access to the database when security is turned on. When you turn security on, you will be required to specify a password for the Master user.

Security must be turned on to perform this statement.

The Master user can create groups and other users using the GRANT LOGIN TO, CREATE USER or CREATE GROUP commands and define data access permissions for these groups and users.

If you want to grant the same permissions to all users, you can grant them to the PUBLIC group. All users inherit the default permissions assigned to the PUBLIC group.

Note
If you wish to use groups, you must set up the groups before creating users.

User name and password must be enclosed in double quotes if they contain spaces or other non-alphanumeric characters.

For further information about users and groups, see Master User and Users and Groups in Advanced Operations Guide.

Owner Name

An owner name is a password required to gain access to a Btrieve file. There is no relation between an owner name and any system user name or database user name. You should think of an owner name as a simple file password.

If you have a Btrieve owner name set on a file that is a table in a secure ODBC database, the Master user of the ODBC database must use the owner name in any GRANT statement to grant privileges on the given table to any user, including the Master user.

After the GRANT statement containing the owner name has been issued for a given user, that user can access the specified table by logging into the database, without specifying the owner name each time.

If a user tries to access a table through ODBC that has a Btrieve owner name, the access will not be allowed unless the Master user has granted privileges on the table to the user, with the correct owner name in the GRANT statement.

If a table has an owner name with the Read-Only attribute, the Master user automatically has SELECT rights on this table without specifically granting himself/herself the SELECT rights with the owner name.

Examples

A GRANT ALL statement grants the INSERT, UPDATE, ALTER, SELECT, DELETE and REFERENCES rights to the specified user or group. In addition, the user or group is granted the CREATE TABLE right for the dictionary. The following statement grants all these privileges to user dannyd for table Class. 

GRANT ALL on Class to dannyd

The following statement grants the ALTER privilege to user debieq for table Class. 

GRANT ALTER on Class TO debieq

The following statement gives INSERT privileges to keithv and miked for table Class. 

GRANT INSERT ON Class TO keithv, miked

The following statement grants INSERT privileges on two columns, First_name and Last_name, in the Person table to users keithv and brendanb 

GRANT INSERT(First_name,last_name) ON Person to 
keithv,brendanb

The following statement grants CREATE TABLE rights to users aideenw and punitas 

GRANT CREATETAB TO aideenw, punitas

The following GRANT LOGIN TO statement grants login rights to a user named ravi and specifying his password as password. 

GRANT LOGIN TO ravi:password 
 




 Note


If the a user account that is granted login rights using the GRANT LOGIN TO statement does not currently exist, then it is created.

The user name and password here only refer to Pervasive PSQL databases and are not related to user names and passwords set at the operating system level. Pervasive PSQL user names, groups, and passwords can also be set through the Pervasive PSQL Control Center (PCC).

The following example grants login rights to users named dannyd and travisk and specifies their passwords as password and 1234567 respectively. 

GRANT LOGIN TO dannyd:password,travisk:1234567

If there are spaces in a name you may use double quotes as in the following example. This statement grants login rights to user named Jerry Gentry and Punita and specifies their password as sun and moon respectively 

GRANT LOGIN TO "Jerry Gentry":sun, Punita:moon

The following example grants the login rights to a user named Jerry Gentry with password 123456 and a user named travisk with password abcdef. It also adds them to the group pervasive_dev 

GRANT LOGIN TO "Jerry Gentry":123456, travisk:abcdef in 
group pervasive_dev

To grant privileges on a table that has a Btrieve owner name, the Master user has to supply the correct owner name in the GRANT statement.

The following example grants the SELECT rights to the Master user on table T1 that has a Btrieve owner name of "abcd." 

GRANT SELECT ON t1 'abcd' TO Master

The Master user has all rights on a table that does not have an owner name. You can set an owner name on a table with the Maintenance utility. The Btrieve owner name is case sensitive.

After the Master user performs the following set of SQL statements, the user "jsmith" has SELECT access to all tables in the current database. The user also has DELETE access to tab1 and UPDATE access to tab2. 

GRANT DELETE ON tab1 TO jsmith  
GRANT SELECT ON * TO jsmith  
GRANT UPDATE ON tab2 TO jsmith

If the following statement is performed later by any user with CREATE TABLE privileges, the user "jsmith" will have SELECT access to the newly created table. 

CREATE TABLE tab3 (col1 INT)  


GRANT CREATETAB TO user1  


GRANT CREATESP TO user1

See Also

CREATE GROUP

DROP GROUP

REVOKE

SET SECURITY

Chapter contents
Book contents

Prev topic: FOREIGN KEY
Next topic: GROUP BY