Grant privileges

The authorization to use a database is called an access privilege. For example, the authorization to use a database is called the Connect privilege; authorization to insert a row into a table is called the Insert privilege. Use the GRANT statement to grant privileges on a database, table, view, or procedure, or to grant a role to a user or another role. Use the REVOKE statement to revoke privileges on a database or database object, or to revoke a role from a user or from another role.

A role is a classification of access privileges that the DBA assigns, such as payroll. After a role is created with the CREATE ROLE statement, the DBA can use the GRANT statement to assign access privileges to the role, and to assign the role to individual users (or to other roles), so that users with similar work tasks can hold the set of access privileges that their work tasks require. By assigning privileges to roles and roles to users, you can simplify the management of privileges. See also External routines and Roles for additional information about the role of roles in managing access privileges.

The following groups of privileges control the actions a user can perform on data and on database objects:
  • Database-level privileges
  • Ownership privileges
  • Table-level privileges
  • Column-level privileges
  • Type-level privileges
  • Routine-level privileges
  • Language-level privileges
  • Automating privileges

For the syntax of the GRANT and REVOKE statements, see the IBM® Informix® Guide to SQL: Syntax.