Database Users and Their
Privileges 
Database administrators can create additional database users and grant privileges.
Prerequisites
You require the demo data for the SQL Tutorial.
Start the query tool SQL Studio as database administrator MONA with password RED and log on to the demo database instance DEMODB.
Creating Database Users
Use the CREATE USER statement to create additional database users.
CREATE USER david PASSWORD blue RESOURCE
The database administrator MONA has created the database user DAVID with the password BLUE. The database user class RESOURCE has been defined for this database user.
CREATE USER boris PASSWORD pink STANDARD
The database administrator MONA has created the database user BORIS with the password PINK. The database user class STANDARD has been defined for this database user.
See also:
SQL Reference
Manual, 
CREATE USER Statement
(create_user_statement)
Changing the Database User Class
Use the ALTER USER statement to change the database user class.
ALTER USER boris RESOURCE
The database user class RESOURCE is defined for the database user BORIS.
See also:
SQL Reference Manual, ALTER USER Statement
(alter_user_statement)
Changing the Password
Use the ALTER PASSWORD statement to change the password of a database user.
●
Log on as
the database system administrator (default values: DBADMIN/SECRET).
ALTER
PASSWORD boris red
The password of the
database user BORIS is changed to RED.
You can also use the ALTER PASSWORD statement as follows:
●
Log on as the
database user BORIS (BORIS/RED).
ALTER PASSWORD red TO pink
The password of the
database user BORIS is changed to PINK.
See also:
SQL Reference Manual, ALTER PASSWORD
Statement (alter_password_statement)
Granting Privileges
Open a database session for the database administrator MONA and use the GRANT statement to grant privileges.
GRANT SELECT, UPDATE, DELETE, INSERT ON hotel.customer TO david
The database administrator MONA administers the customer table in the HOTEL schema. MONA decides that the RESOURCE user DAVID is to be entitled to maintain customer data but not to make any changes to the structure of the table.
GRANT SELECT ON hotel.customer TO PUBLIC
All of the database users in the system are to be granted read access to the data in the customer table. You can use the keyword PUBLIC to grant privileges to all database users.
Check the privileges granted, on the basis of the information in the TABLEPRIVILEGES system table, for example. Log on to the database instance DEMODB as user DAVID.
SELECT * FROM DOMAIN.TABLEPRIVILEGES
WHERE schemaname = 'HOTEL' AND tablename =
'CUSTOMER'
Result
SCHEMANAME |
OWNER |
TABLENAME |
GRANTOR |
GRANTEE |
PRIVILEGE |
IS_GRANTABLE |
HOTEL |
MONA |
CUSTOMER |
MONA |
DAVID |
SELECT |
NO |
HOTEL |
MONA |
CUSTOMER |
MONA |
DAVID |
UPDATE |
NO |
HOTEL |
MONA |
CUSTOMER |
MONA |
DAVID |
INSERT |
NO |
HOTEL |
MONA |
CUSTOMER |
MONA |
DAVID |
DELETE |
NO |
HOTEL |
MONA |
CUSTOMER |
MONA |
PUBLIC |
SELECT |
NO |
See also:
SQL Reference Manual, GRANT Statement
(grant_statement)
Evaluating
System Tables, TABLEPRIVILEGES
Revoking Privileges
Open a database session for the database administrator MONA and use the REVOKE statement to revoke privileges.
REVOKE DELETE ON customer FROM david
The RESOURCE user DAVID is not to be permitted to delete rows from the customer table.
See also:
SQL Reference Manual, REVOKE Statement
(revoke_statement)
Deleting Database Users
To delete database users, use the DROP USER statement.
DROP USER boris
If no cascade option or the CASCADE option CASCADE is specified, all the synonyms and tables of the user to be deleted, as well as all indexes, privileges, view tables, and so on based on these objects, are deleted together with the database user.
See also:
SQL Reference Manual, DROP USER Statement
(drop_user_statement)
More examples for Authorization