GRANT establishes explicit privileges for one or more users, proxy users, databases, or roles. GRANT has several forms that differ in function and syntax:
GRANT Form | Purpose |
---|---|
GRANT (Monitor Form) | Performance monitoring of Vantage. |
GRANT (Role Form) | Grant role membership to users and other roles. |
GRANT (SQL Form) | Grant access to, creation of, or logging of, database objects. |
GRANT MAP | Grant existing contiguous or sparse maps to users and roles. |
GRANT ZONE | Grant zone guest status to users or roles that do not belong to any zone. GRANT ZONE does not automatically grant users access to database objects within the zone. Zone users must grant privileges to zone guests before access is permitted. |
GRANT CONNECT THROUGH | Grant the ability to connect as a proxy permanent or proxy application user through a trusted user. |
GRANT LOGON | Grant system logon privileges. |
Using GRANT (SQL Form) and GRANT (MONITOR Form)
The GRANT (SQL Form) controls access to, and manipulation of, database objects, while the GRANT (MONITOR form) privilege set relates to monitoring system-wide performance. To grant a user all privileges, including MONITOR, you must perform both of the following requests:
GRANT ALL PRIVILEGES ON object TO user WITH GRANT OPTION;
GRANT MONITOR PRIVILEGES TO user WITH GRANT OPTION;
ALL PRIVILEGES refers only to database-related privileges. MONITOR PRIVILEGES indicates all monitoring-related privileges.
GRANT MONITOR does not have an ON object clause. Because this statement allows a user to impact the entire system, the permissions are implicitly ON PUBLIC.
GRANT ZONE controls access to a specific zone. The WITH GRANT OPTION privilege is not valid for use with GRANT ZONE.
You must specify an ON object clause in a GRANT (SQL Form) request. You cannot specify an ON object clause in any GRANT (MONITOR form) or GRANT ZONE request.