Administrators can grant system-level privileges to users or profiles for the purpose of establishing and maintaining row-level security.
- Create row-level security constraints using SQL requests.
- Define row-level security constraints on tables using SQL requests.
- Assign row-level security constraint values (security credentials) to users and profiles using SQL requests.
- CONSTRAINT ASSIGNMENT
- CONSTRAINT DEFINITION (see CONSTRAINT DEFINITION Privilege)
See the section on the DBC.AccessRights table in AccessRight Column for a list of the two-character abbreviations for these privileges.
CONSTRAINT ASSIGNMENT Privilege
This system-wide privilege enables users to define row-level security constraints on tables and to assign row-level security constraint values to users and profiles using SQL DDL statements. Administrators can grant this privilege to individual users or to profiles.
Vantage automatically grants this privilege to user DBC WITH GRANT OPTION, which enables user DBC to grant this privilege to any other user or role.
- You can only grant CONSTRAINT ASSIGNMENT to another user or role if you also have the WITH GRANT OPTION privilege.
- You cannot specify a target database object.
- You cannot grant CONSTRAINT ASSIGNMENT to PUBLIC.
- ALTER TABLE
- CREATE PROFILE
- CREATE TABLE
- CREATE USER
- MODIFY PROFILE
- MODIFY USER
- SHOW CONSTRAINT
The CONSTRAINT DEFINITION privilege also enables you to run a SHOW CONSTRAINT request.
CONSTRAINT DEFINITION Privilege
This system-wide privilege enables users to create and modify row-level security constraints using SQL DDL statements. Administrators can grant this privilege to individual users or to roles.
Vantage automatically grants this privilege to user DBC WITH GRANT OPTION, which enables user DBC to grant this privilege to any other user or role.
- You can only grant CONSTRAINT DEFINITION to another user or role if you also have the WITH GRANT OPTION privilege.
- You cannot specify a target database object.
- You cannot grant CONSTRAINT DEFINITION to PUBLIC.
- ALTER CONSTRAINT
- CREATE CONSTRAINT
- DROP CONSTRAINT
- SHOW CONSTRAINT
The CONSTRAINT ASSIGNMENT privilege also enables you to run a SHOW CONSTRAINT request.