mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-02-02 10:00:38 +01:00
firebird-mirror/doc/sql.extensions/README.ddl_access.txt
roman-simakov 573e93e5a6 Fixed CORE-735: User rights for metadata changes.
We check DDL in DDL nodes and skip at vio level. vio level still exists for direct metadata editing.
2014-07-08 07:35:27 +00:00


SQL Language Extension: GRANT/REVOKE permissions on DDL operations

Implements the capability to manage permissions on DDL operations.

Author:
    Red Soft Corporation, roman.simakov(at)red-soft.biz

Syntax is:

    GRANT CREATE <OBJECT> TO USER|ROLE [with grant option];
    GRANT ALTER ANY <OBJECT> TO USER|ROLE [with grant option];
    GRANT DROP ANY <OBJECT> TO USER|ROLE [with grant option];
    REVOKE [grant option for] CREATE <OBJECT> FROM USER|ROLE;
    REVOKE [grant option for] ALTER ANY <OBJECT> FROM USER|ROLE;
    REVOKE [grant option for] DROP ANY <OBJECT> FROM USER|ROLE;

Where <OBJECT> could be:
    TABLE, VIEW, PROCEDURE, FUNCTION, PACKAGE, GENERATOR, SEQUENCE, DOMAIN,
    EXCEPTION, ROLE, SHADOW, DATABASE, CHARACTER SET, COLLATION, FILTER

Description:
    Makes it possible to grant and revoke privileges on DDL operations.
    DDL operations for managing triggers and indices re-use table privileges.
    If the ANY keyword is used, the user can perform the operation on any object; otherwise only on objects that the user owns.
    If the ANY keyword was used in the GRANT operation, it must also be used in the corresponding REVOKE operation.

Sample:

    GRANT CREATE TABLE TO Joe;
    GRANT ALTER ANY TABLE TO Joe;
    REVOKE CREATE TABLE FROM Joe;
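
A least-privilege layout built from the syntax above, added here as an illustration and not part of the original README. The role names DDL_DEV and DDL_ADMIN and the users ALICE and BOB are assumptions, and both users are assumed to exist already.

```sql
-- Assumed names (not from the README): roles DDL_DEV and DDL_ADMIN,
-- existing users ALICE and BOB.
CREATE ROLE DDL_DEV;
CREATE ROLE DDL_ADMIN;

-- Developers may create tables and views. No ANY privilege is granted,
-- so they can alter or drop only the objects they own.
-- Triggers and indices on those tables are covered by the table privileges.
GRANT CREATE TABLE TO ROLE DDL_DEV;
GRANT CREATE VIEW TO ROLE DDL_DEV;

-- Schema administrators may alter or drop any table, regardless of owner.
GRANT ALTER ANY TABLE TO ROLE DDL_ADMIN;
GRANT DROP ANY TABLE TO ROLE DDL_ADMIN;

-- BOB may create procedures and pass that privilege on to others.
GRANT CREATE PROCEDURE TO USER BOB WITH GRANT OPTION;

-- Attach the roles to the users.
GRANT DDL_DEV TO ALICE;
GRANT DDL_ADMIN TO BOB;

-- Withdraw only BOB's right to delegate; CREATE PROCEDURE itself stays.
REVOKE GRANT OPTION FOR CREATE PROCEDURE FROM USER BOB;

-- The privilege was granted with ANY, so the REVOKE must name ANY as well.
REVOKE DROP ANY TABLE FROM ROLE DDL_ADMIN;
```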