Alternative Syntax Using AS username
The non-standard AS clause is supported as a synonym of the GRANTED BY clause to simplify migration from other database systems.
%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%23fd0a02%22%20offset%3D%220%22%2F%3E%3Cstop%20stop-color%3D%22%23fd3703%22%20offset%3D%22.27%22%2F%3E%3Cstop%20stop-color%3D%22%23fffb17%22%20offset%3D%221%22%2F%3E%3C%2FlinearGradient%3E%3CradialGradient%20id%3D%22IDa%22%20cx%3D%22226.87%22%20cy%3D%22227.78%22%20r%3D%22226.77%22%20gradientTransform%3D%22matrix(1%200%200%20.99928%204.5%20.16398)%22%20gradientUnits%3D%22userSpaceOnUse%22%20spreadMethod%3D%22reflect%22%3E%3Cstop%20stop-color%3D%22%23fffb17%22%20offset%3D%22-99%22%2F%3E%3Cstop%20stop-color%3D%22%23fd3703%22%20style%3D%22stop-color%3A%23d6d6d6%3Bstop-opacity%3A.80992%22%20offset%3D%22-25.96%22%2F%3E%3Cstop%20stop-color%3D%22%23fd0a02%22%20style%3D%22stop-color%3A%23640401%22%20offset%3D%221%22%2F%3E%3C%2FradialGradient%3E%3Cfilter%20id%3D%22IDc%22%20x%3D%22-.073393%22%20y%3D%22-.073446%22%20width%3D%221.1468%22%20height%3D%221.1469%22%20style%3D%22color-interpolation-filters%3AsRGB%22%3E%3CfeGaussianBlur%20stdDeviation%3D%2213.661255%22%2F%3E%3C%2Ffilter%3E%3C%2Fdefs%3E%3Cg%20transform%3D%22translate(28.187%2031.614)%22%3E%3Cpath%20d%3D%22m144.36%20418.24c-31.519-36.408-42.174-117.36-35.104-140.33%209.9544-32.345%2021.049-46.054%2052.91-61.14%2012.171-5.7629%2030.369-9.7087%2040.618-16.999%209.6275-6.8485%2011.103-20.882%200.3031-30.555-11.374-10.186-25.905-6.8539-44.714-1.9463-0.8293%200.2163-2.2371%201.2415-2.4517%202.0893-0.5764%202.2763%200.3517%204.8404%201.55%207.9654-13.009-4.9358-26.833-14.752-28.839-21.314-6.3773-20.865%2017.573-38.445%2048.266-37.644-3.4102-17.273-3.4635-26.602%2018.537-25.134%2032.366%202.1593%2053.818%2013.086%2085.84%2021.325%202.5911%200.6668%2015.302%204.2674%2017.351%202.4455%201.3911-1.2363%202.2548-6.8008%204.1746-11.352%201.7884%205.7771%203.6412%2013.171%201.3306%2018.928-3.601%208.9701-42.338%200.4436-49.836-0.4936-1.4719%202.0873-0.7547%206.4248%201.0548%206.9152%2021.778%205.9031%2040.947%2025.511%2046.258%2034.455%208.8055%2014.832%2010.521%2029.513%207.7741%2042.707-2.5105%2012.06-21.178%2036.296-31.757%2050.233-13.891%2018.301-22.03%2028.984-9.0675%2043.421%206.6796%207.4391%2040.824%2010.557%2075.278-3.6384%2030.204-12.444%2075.735-59.108%2075.527-110.4-0.4087-100.65-83.111-169.04-176.17-181.35-4.1817-0.6355-4.2058-5.2511-0.0238-5.2514%2085.729-8e-3%20214.98%2078.833%20214.98%20226.49%202e-4%20127-105.71%20226.72-223.18%20226.72-46.871%200-69.584-11.872-90.603-36.151zm-139.76-190.62c0-147.17%20129.41-226.45%20214.98-226.45%204.2192%200%204.2282%204.6119%209e-3%205.2304-94.354%2010.94-163.61%2072.376-180.2%20163.11-13.135%2071.848%2014.501%20141.16%2066.086%20182.98%206.8172%2036.501%2027.251%2073.534%2052.047%2089.504-97.014-32.749-152.92-124.89-152.92-214.38zm189.2-109.32c-1.0982-0.0895-5.4887-5.9834-1.2128-6.6405%2010.982-1.6874%2021.989%202.9859%2027.148%206.8763%200.9582%200.7226%200.4686%203.0838-0.2361%202.9402-5.5378-1.1299-24.15-3.05-25.699-3.176z%22%20style%3D%22fill-rule%3Aevenodd%3Bfill%3Aurl(%23IDa)%3Bfilter%3Aurl(%23IDc)%3Bmix-blend-mode%3Anormal%3Bopacity%3A.61733%3Bstroke-width%3A.99975%3Bstroke%3A%23000000%22%2F%3E%3Cpath%20d%3D%22m139.76%20417.07c-31.519-36.408-42.174-117.36-35.104-140.33%209.9544-32.345%2021.049-46.054%2052.91-61.14%2012.171-5.7629%2030.369-9.7087%2040.618-16.999%209.6275-6.8485%2011.103-20.882%200.3031-30.555-11.374-10.186-25.905-6.8539-44.714-1.9463-0.8293%200.2163-2.2371%201.2415-2.4517%202.0893-0.5764%202.2763%200.3517%204.8404%201.55%207.9654-13.009-4.9358-26.833-14.752-28.839-21.314-6.3773-20.865%2017.573-38.445%2048.266-37.644-3.4102-17.273-3.4635-26.602%2018.537-25.134%2032.366%202.1593%2053.818%2013.086%2085.84%2021.325%202.5911%200.6668%2015.302%204.2674%2017.351%202.4455%201.3911-1.2363%202.2548-6.8008%204.1746-11.352%201.7884%205.7771%203.6412%2013.171%201.3306%2018.928-3.601%208.9701-42.338%200.4436-49.836-0.4936-1.4719%202.0873-0.7547%206.4248%201.0548%206.9152%2021.778%205.9031%2040.947%2025.511%2046.258%2034.455%208.8055%2014.832%2010.521%2029.513%207.7741%2042.707-2.5105%2012.06-21.178%2036.296-31.757%2050.233-13.891%2018.301-22.03%2028.984-9.0675%2043.421%206.6796%207.4391%2040.824%2010.557%2075.278-3.6384%2030.204-12.444%2075.735-59.108%2075.527-110.4-0.4087-100.65-83.111-169.04-176.17-181.35-4.1817-0.6355-4.2058-5.2511-0.0238-5.2514%2085.729-8e-3%20214.98%2078.833%20214.98%20226.49%202e-4%20127-105.71%20226.72-223.18%20226.72-46.871%200-69.584-11.872-90.603-36.151zm-139.76-190.62c0-147.17%20129.41-226.45%20214.98-226.45%204.2192%200%204.2282%204.6119%209e-3%205.2304-94.354%2010.94-163.61%2072.376-180.2%20163.11-13.135%2071.848%2014.501%20141.16%2066.086%20182.98%206.8172%2036.501%2027.251%2073.534%2052.047%2089.504-97.014-32.749-152.92-124.89-152.92-214.38zm189.2-109.32c-1.0982-0.0895-5.4887-5.9834-1.2128-6.6405%2010.982-1.6874%2021.989%202.9859%2027.148%206.8763%200.9582%200.7226%200.4686%203.0838-0.2361%202.9402-5.5378-1.1299-24.15-3.05-25.699-3.176z%22%20style%3D%22fill-rule%3Aevenodd%3Bfill%3Aurl(%23IDb)%3Bstroke-width%3A.32475%3Bstroke%3A%23909090%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E%0A){kind=small}
- Anglaiskeyboard_arrow_down
- languageFrançais
- languageРусский
- languageDeutsch
Alternative Syntax Using
Privileges on Tables and Views
For tables and views, unlike other metadata objects, it is possible to grant several privileges at once.
List of Privileges on Tables
SELECT-
Permits the user or object to
SELECTdata from the table or view INSERT-
Permits the user or object to
INSERTrows into the table or view DELETE-
Permits the user or object to
DELETErows from the table or view UPDATE-
Permits the user or object to
UPDATErows in the table or view, optionally restricted to specific columns REFERENCES-
Permits the user or object to reference the table via a foreign key, optionally restricted to the specified columns.If the primary or unique key referenced by the foreign key of the other table is composite then all columns of the key must be specified.
ALL [PRIVILEGES]-
Combines
SELECT,INSERT,UPDATE,DELETEandREFERENCESprivileges in a single package
Examples of GRANT <privilege> on Tables
-
SELECTandINSERTprivileges to the userALEX:GRANT SELECT, INSERT ON TABLE SALES TO USER ALEX; -
The
SELECTprivilege to theMANAGER,ENGINEERroles and to the userIVAN:GRANT SELECT ON TABLE CUSTOMER TO ROLE MANAGER, ROLE ENGINEER, USER IVAN; -
All privileges to the
ADMINISTRATORrole, together with the authority to grant the same privileges to others:GRANT ALL ON TABLE CUSTOMER TO ROLE ADMINISTRATOR WITH GRANT OPTION; -
The
SELECTandREFERENCESprivileges on theNAMEcolumn to all users and objects:GRANT SELECT, REFERENCES (NAME) ON TABLE COUNTRY TO PUBLIC; -
The
SELECTprivilege being granted to the userIVANby the userALEX:GRANT SELECT ON TABLE EMPLOYEE TO USER IVAN GRANTED BY ALEX; -
Granting the
UPDATEprivilege on theFIRST_NAME,LAST_NAMEcolumns:GRANT UPDATE (FIRST_NAME, LAST_NAME) ON TABLE EMPLOYEE TO USER IVAN; -
Granting the
INSERTprivilege to the stored procedureADD_EMP_PROJ:GRANT INSERT ON EMPLOYEE_PROJECT TO PROCEDURE ADD_EMP_PROJ;
The EXECUTE Privilege
The EXECUTE privilege applies to stored procedures, stored functions (including UDFs), and packages.It allows the grantee to execute the specified object, and, if applicable, to retrieve its output.
In the case of selectable stored procedures, it acts somewhat like a SELECT privilege, insofar as this style of stored procedure is executed in response to a SELECT statement.
|
Note
|
For packages, the |
Examples of Granting the EXECUTE Privilege
-
Granting the
EXECUTEprivilege on a stored procedure to a role:GRANT EXECUTE ON PROCEDURE ADD_EMP_PROJ TO ROLE MANAGER; -
Granting the
EXECUTEprivilege on a stored function to a role:GRANT EXECUTE ON FUNCTION GET_BEGIN_DATE TO ROLE MANAGER; -
Granting the
EXECUTEprivilege on a package to userPUBLIC:GRANT EXECUTE ON PACKAGE APP_VAR TO USER PUBLIC; -
Granting the
EXECUTEprivilege on a function to a package:GRANT EXECUTE ON FUNCTION GET_BEGIN_DATE TO PACKAGE APP_VAR;
The USAGE Privilege
To be able to use metadata objects other than tables, views, stored procedures or functions, triggers and packages, it is necessary to grant the user (or database object like trigger, procedure or function) the USAGE privilege on these objects.
By default, Firebird executes PSQL modules with the privileges of the caller, so it is necessary that either the user or otherwise the routine itself has been granted the USAGE privilege.This can be changed with the SQL SECURITY clause of the DDL statements of those objects.
|
Note
|
The |
|
Note
|
For sequences (generators), the |
Examples of Granting the USAGE Privilege
-
Granting the
USAGEprivilege on a sequence to a role:GRANT USAGE ON SEQUENCE GEN_AGE TO ROLE MANAGER; -
Granting the
USAGEprivilege on a sequence to a trigger:GRANT USAGE ON SEQUENCE GEN_AGE TO TRIGGER TR_AGE_BI; -
Granting the
USAGEprivilege on an exception to a package:GRANT USAGE ON EXCEPTION TO PACKAGE PKG_BILL;
DDL Privileges
By default, only administrators can create new metadata objects.Altering or dropping these objects is restricted to the owner of the object (its creator) and administrators.DDL privileges can be used to grant privileges for these operations to other users.
Available DDL Privileges
CREATE-
Allows creation of an object of the specified type
ALTER ANY-
Allows modification of any object of the specified type
DROP ANY-
Allows deletion of any object of the specified type
ALL [PRIVILEGES]-
Combines the
CREATE,ALTER ANYandDROP ANYprivileges for the specified type
|
Note
|
There are no separate DDL privileges for triggers and indexes.The necessary privileges are inherited from the table or view.Creating, altering or dropping a trigger or index requires the |
Examples of Granting DDL Privileges
-
Allow user
JOEto create tablesGRANT CREATE TABLE TO USER Joe; -
Allow user
JOEto alter any procedureGRANT ALTER ANY PROCEDURE TO USER Joe;
Database DDL Privileges
The syntax for granting privileges to create, alter or drop a database deviates from the normal syntax of granting DDL privileges for other object types.
Available Database DDL Privileges
CREATE-
Allows creation of a database
ALTER-
Allows modification of the current database
DROP-
Allows deletion of the current database
ALL [PRIVILEGES]-
Combines the
ALTERandDROPprivileges.ALLdoes not include theCREATEprivilege.
The ALTER DATABASE and DROP DATABASE privileges apply only to the current database, whereas DDL privileges ALTER ANY and DROP ANY on other object types apply to all objects of the specified type in the current database.The privilege to alter or drop the current database can only be granted by administrators.
The CREATE DATABASE privilege is a special kind of privilege as it is saved in the security database.A list of users with the CREATE DATABASE privilege is available from the virtual table SEC$DB_CREATORS.Only administrators in the security database can grant the privilege to create a new database.
|
Note
|
|
Examples of Granting Database DDL Privileges
-
Granting
SUPERUSERthe privilege to create databases:GRANT CREATE DATABASE TO USER Superuser; -
Granting
JOEthe privilege to executeALTER DATABASEfor the current database:GRANT ALTER DATABASE TO USER Joe; -
Granting
FEDORthe privilege to drop the current database:GRANT DROP DATABASE TO USER Fedor;