Users can access only the database objects (databases, tables, views, macros, procedures, and so on) for which they have privileges. The following table lists the types of privileges and describes how they are acquired by a user.
Privilege | Description |
---|---|
Implicit (Ownership) | Privileges implicitly granted by the database to the owner of the space in which database objects are created. |
Automatic | Privileges automatically provided by the system to:
|
Inherited | Privileges that are passed on indirectly to a user based on its relationship to another user or role to which the privileges were granted directly. |
Explicit (GRANT) | Privileges granted explicitly to a user or database in one of the following ways:
|
Roles, external roles, and profiles are used to assign privileges to users.
Type | Description |
---|---|
Roles | Roles are used to define privileges on database objects for groups of users with similar needs, rather than granting the privileges to individual users. Roles require less dictionary space than individually granted privileges. |
External Roles | External roles are used to assign privileges to directory users because those users do not exist in the database. |
Profiles | To simplify user management, an administrator can define a profile and assign it to a group of users who share similar values for the following types of parameters:
|