Syntax Description of GRANT

privilege [,privilege ]... | ALL [PRIVILEGES] | ALL_DML [PRIVILEGES] | ALL_DDL [PRIVILEGES]

Specifies the privileges to grant.

You can specify these privileges for a table or a view.

SELECT	Can use the SELECT statement on the object.
DELETE	Can use the DELETE statement on the object.
INSERT	Can use the INSERT statement on the object.
UPDATE	Can use the UPDATE statement on the object.
REFERENCES	Can create constraints that reference the object.

You can specify this privilege for a sequence generator.

USAGE

Can use the pseudocolumns, CURRVAL, and NEXTVAL to access sequence generator values.

You can specify this privilege for a stored procedure or function.

EXECUTE

Can call the stored procedure or function.

You can specify this privilege for all types of object.

ALL PRIVILEGES

Can have all privileges that apply to the object type. When the object is a table or view and ALL is specified, only the SELECT, DELETE, INSERT, UPDATE, and REFERENCES privileges are applied. When the object is a stored procedure and ALL is specified, only the EXECUTE privilege is applied. When the object is a sequence generator and ALL is specified, only the USAGE privilege is applied.

You can specify this privilege for a table, sequence generator, or view.

ALL_DML

Can have DML privileges that apply to the object type. For a schema, ALL_DML includes all the DML privileges.

You can specify the following privileges only when the target is a schema.

CREATE	Can create objects in the schema like table, index, view, trigger, SPJs, Sequence Generators. The owner of the created object is either the schema owner or the creator, depending on the value of the CQD CREATE_AS_SCHEMA_OWNER.
ALTER	Can alter the definition of the objects in the schema. This includes the ability to execute utility operations that alter the definition of objects, like MODIFY.
DROP	Can drop any objects in the schema, including the schema itself.
ALL_DDL	Can have all DDL privileges.

(column [,column]...)

Names the columns of the table or view to which the UPDATE or REFERENCES privileges apply. If you specify UPDATE or REFERENCES without column names, the privileges apply to all columns of the table or view. The columns cannot be specified on UPDATE and REFERENCES when the target is a schema.

ON [TABLE | SEQUENCE | PROCEDURE ] object

Specifies the table, view, sequence generator, or stored procedure on which to grant privileges.

ON SCHEMA schema-name

Specifies the schema name on which to grant privileges.

TO grantee [,grantee ]...

Specifies one or more users to whom you grant privileges. A grantee can be an authid, or one of the special authorization IDs: PUBLIC and DB_PUBLIC.

authid

Specifies an authorization ID which must be one of the following:

A valid Guardian username, enclosed in double quotes.
An External Username that is already associated with a Guardian user.
One of the special authorization IDs, PUBLIC, and DB_PUBLIC.

pg-name

Is the name of an existing privilege group, a SQL identifier.

WITH GRANT OPTION

Specifies that users of the authorization IDs to whom privileges are granted have the right to grant the same privileges to other authorization IDs.

BY authid-grantor

Specifies the authorization ID authid-grantor on whose behalf the grant operation is performed. authid-grantor cannot be SYSTEM.

Only the Super ID can use the

BY

clause, and only when one of the following applies:

The Security Administrators Group is empty.
The Super ID has been designated as a Security Administrator.

The effect of using the BY clause is the same as if the authid-grantor were to issue the GRANT directly (without using the BY clause).

If the Security Administrator's Group is empty, then authid-grantor must be a valid authorization ID and hold the privilege(s) being granted WITH GRANT OPTION.

However, if the Super ID is designated as a Security Administrator, it will have Super GRANT BY capabilities in which authid-grantor may be any valid authorization ID.