A privilege specification (priv_spec) defines a role or a set of privileges for specific tables or parts of tables.
Syntax
<priv_spec> ::= ALL [PRIV[ILEGES]] ON [TABLE] <table_name>,... | <privilege>,... ON [TABLE] <table_name>,... | <role_name> <privilege> ::= ALTER | DELETE | INDEX | INSERT | REFERENCES [(<column_name>,...)] | SELECT [(<column_name>,...)] | SELUPD [(<column_name>,...)] | UPDATE [(<column_name>,...)]
These tables must not be temporary base tables.
The database user must have the authorization to grant (GRANT statement) and revoke (REVOKE statement) privileges for the specified tables. For base tables, the owner of the table has this authorization.
In the case of view tables, the owner may not always be authorized to assign or revoke all privileges. The database determines the privileges that a user can assign or revoke for a view table when the table is created. The result depends on the type of table and on the database user's privileges for the tables selected in the view table. The owner of a table can interrogate the privileges that he or she is allowed to grant or revoke by selecting the system table DOMAIN.TABLEPRIVILEGES.
All of the privileges that the database user can grant for tables are granted (GRANT statement) or revoked (REVOKE statement) for the specified database users, user groups, and roles.
If a database user who is not the owner of the table specifies ALL in a REVOKE statement, all of the privileges he or she has granted to the specified database user for this table are revoked.
If a role is defined as a privilege specification, it must exist and the current database user must be the owner of the role.
Allows the identified database user to execute the ALTER TABLE statement for the specified tables. The ALTER privilege can only be granted for base tables. The current database user must be authorized to grant the ALTER privilege.
Allows the identified database user to delete rows from the specified table. The current database user must be authorized to grant the DELETE privilege.
Allows the identified database user to execute the CREATE INDEX and DROP INDEX statements for the specified tables. The INDEX privilege can only be granted for base tables. The current database user must be authorized to grant the INDEX privilege.
Allows the identified database user to insert rows in the specified table. The current database user must be authorized to grant the INSERT privilege.
Allows the identified user to specify the table as a referenced table (referenced_table) in a column definition or referential CONSTRAINT definition.
Allows the identified database user to select rows in the specified table. If column names are specified, the rows may only be selected in the columns identified by these names. The current database user must be authorized to grant the SELECT privilege.
The SELECT and UPDATE privileges are granted. If column names are specified, the rows may only be selected or updated in the columns identified by these names. The current database user must be authorized to grant the SELECT and UPDATE privileges.
Allows the identified database user to change rows in the specified table. If column names are specified, the rows may only be updated in the columns identified by these names. The current database user must be authorized to grant the UPDATE privilege.