When you assign privileges for a database, schema, table, function, or view, you must select a grantee type. There are three types: User, Role, and Public.
- Users are Aster database users. Databases on an Aster Database server share the users and groups of users on the server. You can group users using roles and set group privileges to auto inherit. You can also set up specific users to have roles which grant them access to specific database objects. To grant a user the right to create databases, users, and roles, grant the db_admin role. Grant a lower-privileged role such as catalog_admin to deny the right to create databases, users, and roles.
- A role is a database role that an administrator creates or assigns. A role can own a database or have specific privileges to access objects in the database. You can assign roles to users or groups of users. Assigning roles to groups of users enables you to manage user groups as roles. Roles can also have log-on and system access capability, and like groups, include other roles as members. Roles that you create are valid for all databases on an Aster Database server. A role with INHERIT automatically uses database privileges granted to all roles that it is a member of.
- PUBLIC specifies that privileges are to be granted to all roles. Any single role has the sum of privileges granted directly to it, plus privileges to any role of which it is presently a member, and privileges granted to PUBLIC. Grant options cannot be granted to PUBLIC. If your database administrator grants ALL privileges on schema PUBLIC to users in the PUBLIC role (default install setting), then all users can by default create databases in new databases, and tables within the PUBLIC schema in the new database.