These statements control which privileges are available to which users and roles.

Securables

Cirro supports permission setting on these securables:

  • Global /Cirro

  • System

  • Database

  • Schema

  • Table

  • Key

System Procedure

When referencing securables within the GRANT, DENY, and REVOKE commands, these formats are supported:

  • ’*’ (A single asterisk is supported, and must be placed in the most restricted level in the system.database.schema.table hierarchy.)
  • System1.*
  • System1.db1.*
  • System2.db2.schema2.*
  • System3.db3.schema3.table3

Examples of Valid Securable References

The following examples show valid securable references.

SQL Statement Description
GRANT ALL PRIVILEGES ON * Grant all privileges to all securables on all systems
GRANT ALL PRIVILEGES ON System1.database1.schema1.* Grants all privileges to all securables in the database1.schema1 on System1.
GRANT ALL PRIVILEGES ON System1.* Grants all privileges to all securables on the System1 system.
GRANT KEY USAGE on to * key_name - first column of sys_privatekeys table corresponding to the private key to grant
* user_name - Cirro username to grant the key.

Examples of Invalid Securable References

The following examples show invalid securable references.

SQL Statement Description
GRANT ALL PRIVILEGES ON . The . syntax is not supported. Use * instead.
GRANT ALL PRIVILEGES ON System1 An asterisk must be specified at the next lower level. Use System1.* instead.
GRANT ALL PRIVILEGES ON System1.*.schema1 The asterisk cannot be specified at the database level if a schema is specified.
GRANT ALL PRIVILEGES ON System1.database1.schema1.HR* No other text can be present at the same level as the asterisk. Use System1.database1.schema1.* instead.

See Also