Table of Contents
Advertisement
Managing groups
DBA, RESOURCE,
and GROUP
permissions
Creating groups
CHAPTER 10
sp_helptext sp_name_in_question
Once you understand how to manage permissions for individual users (as
described in the previous section) working with groups is straightforward. A
group is identified by a user ID, just like a single user, but this user ID is
granted the permission to have members.
When permissions on tables, views, and procedures are granted to or revoked
from a group, all members of the group inherit those changes. The DBA,
RESOURCE, and GROUP permissions are not inherited: they must be
assigned individually to each individual user ID requiring them.
A group is simply a user ID with special permissions. Granting permissions to
a group and revoking permissions from a group are done in exactly the same
manner as any other user, using the commands described in "Managing
individual user IDs and permissions".
A group can also be a member of a group. A hierarchy of groups can be
constructed, each inheriting permissions from its parent group.
A user ID may be granted membership in more than one group, so the user-to-
group relationship is many-to-many.
The ability to create a group without a password enables you to prevent
anybody from signing on using the group user ID. This security feature is
discussed in "Groups without passwords".
To create a group with a name and password:
1
Connect to the database as a user with DBA authority.
2
Create the group's user ID just as you would any other user ID, using the
following SQL statement:
GRANT CONNECT
TO personnel
IDENTIFIED BY group_password
Managing User IDs and Permissions
363
Advertisement
Table of Contents
