Beginning SQL
Beginning SQL Beginning SQL
Chapter 12 As you can imagine, giving GRANT OPTION privileges to other users allows them unlimited ability to pass on the privileges to other users, which can be very dangerous in some circumstances, particularly for the UPDATE and DELETE privileges. You should use GRANT OPTION with discretion. Revoking Privileges If you’ve granted privileges that you need to revoke, you do so using the REVOKE statement. Revoking privileges can yield unexpected results depending on the implementation used by your DBMS, whether more than one user granted privileges on an object, and the time sequence of the grants. You see that in a little while, but first you need to learn the REVOKE statement’s basic syntax. The REVOKE Statement 344 The REVOKE syntax looks very similar to the GRANT syntax. The REVOKE statement can take away some or all of the privileges assigned in a GRANT statement, to some or all of the user IDs. For example, suppose you granted some privileges on the Personnel table: GRANT SELECT, UPDATE, INSERT ON tblPersonnel TO usrTom, usrJim You can then use the following statement to revoke various INSERT privileges from Tom: REVOKE INSERT ON tblPersonnel FROM usrTom You can likewise revoke SELECT and INSERT privileges from Jim using this statement: REVOKE SELECT, INSERT ON tblPersonnel FROM usrJim Revoking UPDATE privileges from Jim and Tom requires a statement similar to the following: REVOKE UPDATE ON tblPersonnel FROM usrJim, usrTom You can revoke only privileges that you granted. If the user was granted privileges on the same object by another user, only the privileges you granted are revoked. Thus, if the user you are revoking privileges for was granted privileges on the same object by another user, they are still able to access that object using any privileges that the other user gave them. You grant Jim privileges on tblPersonnel with this statement: GRANT SELECT, UPDATE, INSERT ON tblPersonnel TO usrJim
- Page 678: No updates, additions, or deletions
- Page 682: International Board Manufacturer ha
- Page 686: contention. You could wrap your new
- Page 690: Summary Transactions ensure that us
- Page 696: Chapter 12 328 SQL security is cent
- Page 700: Chapter 12 Creating User IDs Figure
- Page 704: Chapter 12 3. In the SQL window, ty
- Page 708: Chapter 12 ❑ You can assign a dif
- Page 712: Chapter 12 Privileges Privileges ar
- Page 716: Chapter 12 338 You could then give
- Page 720: Chapter 12 You might implement this
- Page 724: Chapter 12 Another shortcut, using
- Page 730: Betsey also grants privileges to Ji
- Page 734: The CASCADE option tells the DBMS t
- Page 738: 13 Database Tuning SQL is a languag
- Page 742: Perhaps this doesn’t sound remote
- Page 746: When an application asks for data f
- Page 750: The point of all the discussion of
- Page 754: How Do You Do It? And herein lies t
- Page 758: The slots are often implemented as
- Page 762: On the other hand, an index on a tr
- Page 766: Tuning Tips The following list cont
- Page 770: Database Tuning Exercises 1. Create
- Page 776: Appendix A Exercise 2 Solution 368
Chapter 12<br />
As you can imagine, giving GRANT OPTION privileges to other users allows them unlimited ability to<br />
pass on the privileges to other users, which can be very dangerous in some circumstances, particularly<br />
for the UPDATE and DELETE privileges. You should use GRANT OPTION with discretion.<br />
Revoking Privileges<br />
If you’ve granted privileges that you need to revoke, you do so using the REVOKE statement. Revoking<br />
privileges can yield unexpected results depending on the implementation used by your DBMS, whether<br />
more than one user granted privileges on an object, and the time sequence of the grants. You see that in a<br />
little while, but first you need to learn the REVOKE statement’s basic syntax.<br />
The REVOKE Statement<br />
344<br />
The REVOKE syntax looks very similar to the GRANT syntax. The REVOKE statement can take away some or<br />
all of the privileges assigned in a GRANT statement, to some or all of the user IDs. For example, suppose<br />
you granted some privileges on the Personnel table:<br />
GRANT SELECT, UPDATE, INSERT<br />
ON tblPersonnel<br />
TO usrTom, usrJim<br />
You can then use the following statement to revoke various INSERT privileges from Tom:<br />
REVOKE INSERT<br />
ON tblPersonnel<br />
FROM usrTom<br />
You can likewise revoke SELECT and INSERT privileges from Jim using this statement:<br />
REVOKE SELECT, INSERT<br />
ON tblPersonnel<br />
FROM usrJim<br />
Revoking UPDATE privileges from Jim and Tom requires a statement similar to the following:<br />
REVOKE UPDATE<br />
ON tblPersonnel<br />
FROM usrJim, usrTom<br />
You can revoke only privileges that you granted. If the user was granted privileges on the same object by<br />
another user, only the privileges you granted are revoked. Thus, if the user you are revoking privileges<br />
for was granted privileges on the same object by another user, they are still able to access that object<br />
using any privileges that the other user gave them.<br />
You grant Jim privileges on tblPersonnel with this statement:<br />
GRANT SELECT, UPDATE, INSERT<br />
ON tblPersonnel<br />
TO usrJim