Syntax Description of GRANT
privilege [,privilege ]... | ALL [PRIVILEGES] | ALL_DML [PRIVILEGES] | ALL_DDL [PRIVILEGES]
Specifies the privileges to grant.
SELECT |
Can use the SELECT statement on the object. |
DELETE |
Can use the DELETE statement on the object. |
INSERT |
Can use the INSERT statement on the object. |
UPDATE |
Can use the UPDATE statement on the object. |
REFERENCES |
Can create constraints that reference the object. |
USAGE |
Can use the pseudocolumns, CURRVAL, and NEXTVAL to access sequence generator values. |
EXECUTE |
Can call the stored procedure or function. |
ALL PRIVILEGES |
Can have all privileges that apply to the object type. When the object is a table or view and ALL is specified, only the SELECT, DELETE, INSERT, UPDATE, and REFERENCES privileges are applied. When the object is a stored procedure and ALL is specified, only the EXECUTE privilege is applied. When the object is a sequence generator and ALL is specified, only the USAGE privilege is applied. |
ALL_DML |
Can have DML privileges that apply to the object type. For a schema, ALL_DML includes all the DML privileges. |
CREATE |
Can create objects in the schema like table, index, view, trigger, SPJs, Sequence Generators. The owner of the created object is either the schema owner or the creator, depending on the value of the CQD CREATE_AS_SCHEMA_OWNER. |
ALTER |
Can alter the definition of the objects in the schema. This includes the ability to execute utility operations that alter the definition of objects, like MODIFY. |
DROP |
Can drop any objects in the schema, including the schema itself. |
ALL_DDL |
Can have all DDL privileges. |
(column [,column]...)
Names the columns of the table or view to which the UPDATE or REFERENCES privileges apply. If you specify UPDATE or REFERENCES without column names, the privileges apply to all columns of the table or view. The columns cannot be specified on UPDATE and REFERENCES when the target is a schema.
ON [TABLE | SEQUENCE | PROCEDURE ]
object
Specifies the table, view, sequence generator, or stored procedure on which to grant privileges.
ON SCHEMA
schema-name
Specifies the schema name on which to grant privileges.
TO
grantee [,grantee ]...
Specifies one or more users to whom you grant privileges. A grantee can be an authid, or one of the special authorization IDs: PUBLIC and DB_PUBLIC.
authid
-
A valid Guardian username, enclosed in double quotes.
-
An External Username that is already associated with a Guardian user.
-
One of the special authorization IDs, PUBLIC, and DB_PUBLIC.
pg-name
Is the name of an existing privilege group, a SQL identifier.
WITH GRANT OPTION
Specifies that users of the authorization IDs to whom privileges are granted have the right to grant the same privileges to other authorization IDs.
BY
authid-grantor
Specifies the authorization ID authid-grantor on whose behalf the grant operation is performed. authid-grantor cannot be SYSTEM.
BY
clause, and only when one of the following applies:
-
The Security Administrators Group is empty.
-
The Super ID has been designated as a Security Administrator.
If the Security Administrator's Group is empty, then authid-grantor must be a valid authorization ID and hold the privilege(s) being granted WITH GRANT OPTION.
However, if the Super ID is designated as a Security Administrator, it will have Super GRANT BY capabilities in which authid-grantor may be any valid authorization ID.