Beginning SQL
Beginning SQL Beginning SQL
The CASCADE option tells the DBMS that a REVOKE of the GRANT OPTION should cause a ripple down the chain and also revoke any privileges issued because of the GRANT OPTION. Suppose Jim issues a GRANT to Sue WITH GRANT OPTION: GRANT SELECT ON tblPersonnel TO usrSue WITH GRANT OPTION Sue now issues a GRANT to Frank: GRANT SELECT ON tblPersonnel TO usrFrank Jim now issues a REVOKE to Sue: REVOKE SELECT ON tblPersonnel FROM usrSue CASCADE In this case, both Sue and Frank lose their SELECT privilege on tblPersonnel because Jim placed the CASCADE option on the REVOKE statement. Assume that Jim issued the same GRANT to Sue, and Sue issued the same GRANT to Frank. Jim later issues the following REVOKE: REVOKE SELECT ON tblPersonnel FROM usrSue RESTRICT In this case, the REVOKE fails and issues an error warning Jim that there are privileges cascading down from the GRANT that he issued, and that he may be revoking privileges that he doesn’t intend to revoke. If Jim does decide to revoke Sue’s privileges, he can simply issue the REVOKE again with the CASCADE option. The RESTRICT option is just a way to let a user know that the REVOKE will cause a cascade REVOKE. In addition, the SQL2 syntax now includes the ability to specify the privilege in the REVOKE GRANT statement instead of just revoking all GRANT privileges. Consider the following statement: REVOKE GRANT OPTION ON INSERT, DELETE ON tblPersonnel FROM usrSue CASCADE SQL Security This statement revokes the ability to GRANT OPTION on these privileges but does not take away the privileges themselves. 347
- Page 682: International Board Manufacturer ha
- Page 686: contention. You could wrap your new
- Page 690: Summary Transactions ensure that us
- Page 696: Chapter 12 328 SQL security is cent
- Page 700: Chapter 12 Creating User IDs Figure
- Page 704: Chapter 12 3. In the SQL window, ty
- Page 708: Chapter 12 ❑ You can assign a dif
- Page 712: Chapter 12 Privileges Privileges ar
- Page 716: Chapter 12 338 You could then give
- Page 720: Chapter 12 You might implement this
- Page 724: Chapter 12 Another shortcut, using
- Page 728: Chapter 12 As you can imagine, givi
- Page 732: Chapter 12 The situation gets a lit
- Page 738: 13 Database Tuning SQL is a languag
- Page 742: Perhaps this doesn’t sound remote
- Page 746: When an application asks for data f
- Page 750: The point of all the discussion of
- Page 754: How Do You Do It? And herein lies t
- Page 758: The slots are often implemented as
- Page 762: On the other hand, an index on a tr
- Page 766: Tuning Tips The following list cont
- Page 770: Database Tuning Exercises 1. Create
- Page 776: Appendix A Exercise 2 Solution 368
- Page 780: Appendix A ( 8, ‘Jack’, ‘John
The CASCADE option tells the DBMS that a REVOKE of the GRANT OPTION should cause a ripple down the<br />
chain and also revoke any privileges issued because of the GRANT OPTION.<br />
Suppose Jim issues a GRANT to Sue WITH GRANT OPTION:<br />
GRANT SELECT<br />
ON tblPersonnel<br />
TO usrSue<br />
WITH GRANT OPTION<br />
Sue now issues a GRANT to Frank:<br />
GRANT SELECT<br />
ON tblPersonnel<br />
TO usrFrank<br />
Jim now issues a REVOKE to Sue:<br />
REVOKE SELECT<br />
ON tblPersonnel<br />
FROM usrSue CASCADE<br />
In this case, both Sue and Frank lose their SELECT privilege on tblPersonnel because Jim placed the<br />
CASCADE option on the REVOKE statement.<br />
Assume that Jim issued the same GRANT to Sue, and Sue issued the same GRANT to Frank. Jim later issues<br />
the following REVOKE:<br />
REVOKE SELECT<br />
ON tblPersonnel<br />
FROM usrSue RESTRICT<br />
In this case, the REVOKE fails and issues an error warning Jim that there are privileges cascading down<br />
from the GRANT that he issued, and that he may be revoking privileges that he doesn’t intend to revoke.<br />
If Jim does decide to revoke Sue’s privileges, he can simply issue the REVOKE again with the CASCADE<br />
option. The RESTRICT option is just a way to let a user know that the REVOKE will cause a cascade<br />
REVOKE.<br />
In addition, the <strong>SQL</strong>2 syntax now includes the ability to specify the privilege in the REVOKE GRANT statement<br />
instead of just revoking all GRANT privileges. Consider the following statement:<br />
REVOKE GRANT OPTION ON INSERT, DELETE<br />
ON tblPersonnel<br />
FROM usrSue CASCADE<br />
<strong>SQL</strong> Security<br />
This statement revokes the ability to GRANT OPTION on these privileges but does not take away the privileges<br />
themselves.<br />
347