授權(quán)

權(quán)限種類

privileges: select, insert, update, delete, all privileges

授權(quán)語句

grant <privilege list>
    on <relation name or view name>
    to <user list>

其中<user list>可以是：public, user-id, role

grant select on student to Amit

grant select(ID) on student to Satoshi

權(quán)限回收

revoke <privilege list>
    on <relation name or view name>
    from <user list>

revoke select on department from Amit
revoke select(budget) on department from Satoshi

權(quán)限授予圖

大多數(shù)數(shù)據(jù)庫中，級聯(lián)是默認(rèn)行為。

可以通過如下語句防止級聯(lián)：

revoke select on department from Amit, Satoshi restrict;

以下語句顯式指定級聯(lián)回收：

revoke select on department from Amit, Satoshi cascade;

以下語句僅僅回收用戶再授權(quán)的權(quán)限：

revoke grant option for select on department from Amit;

roles

create role Instructor;
grant Instructor to Mr.Wang; 將role授予用戶
grant select on takes to Instrucor; 授予role以takes關(guān)系上的select權(quán)限
create role dean;   
grant Instructor to dean;    將role授予其他role

權(quán)限的轉(zhuǎn)移

獲得了某些形式權(quán)限的用戶可能被允許將此授權(quán)傳遞給其他用戶。默認(rèn)方式下：被授予權(quán)限的用戶/role無權(quán)再授予。

允許其再授予：grant select on department to Amit with grant option