Granting and revoking of privileges

The GRANT and REVOKE commands set up and revoke object and administrator privileges.

There are two kinds of global objects: system wide and database specific. When a transaction is issued against a primary's replicated database, its effect on the replica is to replicate, not to replicate (does not abort but has no effect on the replica), or to abort the transaction on the primary. Handling of transactions depends on whether the objects that are referred to are replicated, non-replicated, or a mixture of both. The system replicates only complete statements and only replicated objects. Therefore, if the complete statement contains both non-replicated and replicated objects, it aborts.

The following table describes the handling of GRANT and REVOKE SQL statements on replicated, non-replicated, and system databases:

Table 1. GRANT and REVOKE command handling of administrative and object privileges
Database type	Replication of administrative privileges	Replication of object privileges
Replicated	Global and local objects are replicated.	Aborts when the list of objects contains a global non-replicated database. All other object types are replicated.
Non-replicated	Aborts global and also a mixture of global and local Local-only is not replicated	Aborts when the list of objects contains a global replicated database, user, or group. Other object types are not replicated.
System	Replicated	Aborts when the list of objects contains any of the following combinations: Object-class and system (for example, system table) or non-system objects Both global replicated and system or non-system objects Global non-replicated objects and object-class objects System and non-system objects Not replicated when the list of objects comprises non-system objects, global non-replicated objects, or a combination of those objects Replicates when the list of objects contains system objects only