授权
权限种类
privileges
: select
, insert
, update
, delete
, all privileges
授权语句
grant <privilege list>
on <relation name or view name>
to <user list>
其中<user list>
可以是:public
, user-id
, role
grant select on student to Amit
grant select(ID) on student to Satoshi
权限回收
revoke <privilege list>
on <relation name or view name>
from <user list>
revoke select on department from Amit
revoke select(budget) on department from Satoshi
大多数数据库中,级联是默认行为。
可以通过如下语句防止级联:
revoke select on department from Amit, Satoshi restrict;
以下语句显式指定级联回收:
revoke select on department from Amit, Satoshi cascade;
以下语句仅仅回收用户再授权的权限:
revoke grant option for select on department from Amit;
roles
create role Instructor;
grant Instructor to Mr.Wang; 将role授予用户
grant select on takes to Instrucor; 授予role以takes关系上的select权限
create role dean;
grant Instructor to dean; 将role授予其他role
权限的转移
获得了某些形式权限的用户可能被允许将此授权传递给其他用户。默认方式下:被授予权限的用户/role无权再授予。
允许其再授予:grant select on department to Amit with grant option