Schema Level Privileges

Schema level privileges allow the schema owner to grant or revoke privileges on an entire schema to a user or a group of users.

The following statements are updated to support schema level changes:

NOTE:

The sections on GRANT and REVOKE statements later in this document include the complete syntax, semantics, and considerations for these statements.

CREATE SCHEMA changes

During the creation of the schema, the schema owner is given all DDL privileges and all DML privileges on the schema WITH GRANT OPTION. This enables the schema owner to grant those privileges to other users.

In the multi-tenant environment, the CREATE SCHEMA operation automatically grants relevant privileges to the privilege groups that are associated with the schema to represent the access levels (read, read-write, and full access including DDL).

GIVE SCHEMA changes

The GIVE SCHEMA operation is used to transfer the schema ownership from one user to another user. Privileges on the schema held by the owner with grantee type 'O' will be transferred to the new owner, this transfer will include DDL privileges.

Types of privileges

Schema level privileges support both SQL/MX Data Definition Language (DDL) and Data Manipulation Language (DML) privileges.

DDL
The schema level DDL privileges allow the grantees to perform DDL operations on that schema, and on existing and future objects in that schema. DDL privileges are applicable only at the schema level. You cannot grant or revoke DDL privileges on individual objects.
DML

The schema Level DML privileges allow the types of privileges that can be granted on individual objects to be granted on an entire schema; such privileges will pertain to existing and future objects in that schema. For example, if the SELECT privilege on a schema is granted to a user, that user will be able to select from objects in that schema. The schema owner holds no implicit DML privileges on those objects in the schema that are owned by other users.

Types of targets

The DDL privileges are applicable only at the schema level. These privileges cannot be granted or revoked on individual objects. DML privileges can be granted at two levels, the schema level and the object level.

Types of grantees

The types of grantee are owner, user, and public. A grantee can be a user or a privilege group.

DB_PUBLIC

A special authid DB_PUBLIC is introduced in SQL/MX Release 3.5. DB_PUBLIC is available for users and applications connected to user databases in multi-tenant environment. Outside the multi-tenant environment, DB_PUBLIC is the same as PUBLIC.

Types of user names

There are two types of user names, Guardian username and External Username. For more information, see User Management.

Authorization Requirements for Utilities

Utility	Authorization Requirements
CLEANUP	ALTER privilege on the schema containing the target object.
DUP	SELECT privilege on the source table or its schema. CREATE and ALTER privileges on the schema containing the target table.
FASTCOPY	SELECT privilege on the source table or its schema SELECT, INSERT, UPDATE, and DELETE privileges on the target table or its schema.
FIXUP	ALTER privilege on the schema containing the affected object.
IMPORT	INSERT privilege on the target table or its schema.
MODIFY	ALTER privilege on the schema containing the affected object.
POPULATE INDEX	ALTER privilege on the schema containing the affected object.
PURGEDATA	SELECT and DELETE on the target table or its schema.
VERIFY object	SELECT and EXECUTE privileges on the object or its schema.
VERIFY schema	ALTER privilege on the schema.