Connect privilege
allows you to open a database, issue queries, and create and place indexes on temporary tables.
Resource privilege
allows you to create permanent tables and user-defined data types.
DBA privilege
allows you to perform several additional functions as the DBA.
Only four of the several table-level privileges are covered here:
Select privilege
is granted on a table-by-table basis and allows you to select rows from a table. (This privilege can be limited by specific columns in a table.)
Delete privilege
allows you to delete rows.
Insert privilege
allows you to insert rows.
Update privilege
allows you to update existing rows (that is, to change their content).
The people who create databases and tables often grant the Connect and Select privileges to public so that all users have them. If you can query a table, you have at least the Connect and Select privileges for that database and table. For more information about public, see "The Users and the Public".
You need the other table-level privileges to modify data. The owners of tables often withhold these privileges or grant them only to specific users. As a result, you might not be able to modify some tables that you can query freely. Because these privileges are granted on a table-by-table basis, you can have only Insert privileges on one table and only Update privileges on another, for example. The Update privileges can be restricted even further to specific columns in a table. Chapter 11, "Granting and Limiting Access to Your Database," discusses granting privileges from the standpoint of the DBA. A complete list of privileges and a summary of the GRANT and REVOKE statements can be found in Chapter 1 of the Informix Guide to SQL: Syntax.
Displaying Table Privileges If you are the owner of a table (that is, if you created it), you have all privileges on that table. Otherwise, you can determine the privileges you have for a certain table by querying the system catalog. The system catalog consists of system tables that describe the database structure. The privileges granted on each table are recorded in the systabauth system table. To display these privileges, you must also know the unique identifier number of the table. This number is specified in the systables system table. To display privileges granted on the orders table, you might enter the following SELECT statement:
The grantor is the user who grants the privilege. The grantor is usually the owner of the table but can be another user empowered by the grantor. The grantee is the user to whom the privilege is granted, and the grantee public means "any user with Connect privilege." If your user name does not appear, you have only those privileges granted to public. The tabauth column specifies the privileges granted. The letters in each row of this column are the initial letters of the privilege names except that i means Insert and x means Index. In this example, public has Select, Insert, and Index privileges. Only the user mutator has Update privileges, and only the user procrustes has Delete privileges. Before the database server performs any action for you (for example, execute a DELETE statement), it performs a query similar to the preceding one. If you are not the owner of the table, and if it cannot find the necessary privilege on the table for your user name or for public, it refuses to perform the operation.
i
x
