GRANT — define access privileges.


GRANT rolename TO username [[NOT] DEFAULT] [ WITH GRANT OPTION ]  
GRANT { ALTER | EXECUTE } ON PROCEDURE procname TO { [USER] user | ROLE rolename } [, ...]

GRANT { ALTER | EXECUTE } ON FUNCTION funcname[/argcount] TO { [USER] user | ROLE rolename } [, ...]
GRANT { CREATE | ALTER } ON SCHEMA schemaname TO { [USER] user | ROLE rolename } [, ...]

GRANT privilege ON object TO { [USER] user ROLE rolename } [, ...] 

  where user is:
      username |PUBLIC 
  where privilege is:

  and object is:
      ALL TABLES IN SCHEMA schemaname|
      VIEW viewname|     
      ALL SEQUENCES IN SCHEMA schemaname|
      SEQUENCE sequencename
      USER username


GRANT defines access. The GRANT statement gives specific permissions on an object (a table, view or procedure) to one or more roles and/or users. The GRANT statement is also used to assign a role, that has been granted specific permissions, to a user. These permissions are added to those already granted, if any. It is recommended that you use the GRANT statement to grant privileges to roles (rather than to users) and then assign roles to users.

NuoDB defines two system roles that can be granted to users as follows:

You do not have to grant privileges to the creator of an object, because the creator has all privileges by default. Creators can choose to revoke some of their own privileges for safety.

By default, only the creator of a schema and a user who has been assigned the DBA role can

To give these privileges to another user, you must use the GRANT statement. Specify GRANT CREATE ON SCHEMA to give permission to a user to create table, view, domain and sequence objects in the specified schema. For an example of a query that lets you know which users have CREATE privileges on a schema, see About Database Access and Security. The GRANT CREATE ON SCHEMA statement does not do the following:

Specify GRANT ALTER ON SCHEMA to give permission to a user to drop the specified schema.

Use the REVOKE statement (see REVOKE) to revoke access privileges from roles and/or users.

To grant privileges to only a few columns, you must create a view that contains the columns of interest and then grant privileges to that view.