Chapter 4 Database Security
4.1 Discretionary access control method
4.1.1 Granting and revoking privileges
1. GRANT:
GRANT <privilege>[,<privilege>]...
[ON <object type> <object name>]
TO <user>[,<user>]...
[WITH GRANT OPTION]
Description:
If the WITH GRANT OPTION clause is specified, a user who has obtained a privilege can in turn grant that privilege to other users.
2. REVOKE:
REVOKE <privilege>[,<privilege>]...
[ON <object type> <object name>]
FROM <user>[,<user>]...
-- Grant the privilege to query the Student table to user U1
GRANT SELECT
ON Student
TO U1;
-- Revoke user U4's privilege to update the student number (Sno)
REVOKE UPDATE(Sno)
ON Student
FROM U4;
4.2 Database roles
4.2.1 Role creation
CREATE ROLE <role name>
4.2.2 Granting privileges to a role
GRANT <privilege> [, <privilege>]...
ON <object type> <object name>
TO <role> [, <role>]...
4.2.3 Granting a role to other roles or users
GRANT <role 1> [, <role 2>]...
TO <role 3> [, <user 1>]...
[WITH ADMIN OPTION]
If the WITH ADMIN OPTION clause is specified, the role or user that has obtained these privileges can in turn grant them to other roles or users.
4.2.4 Revoking role privileges
REVOKE <privilege> [, <privilege>]...
ON <object type> <object name>
FROM <role> [, <role>]...
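
The four steps of section 4.2 run as one sequence, as an added example that is not part of the original notes. It assumes PostgreSQL syntax; the Student columns and the principals R1, U1 and U2 are constructed for illustration, and the final audit query goes slightly beyond the notes to show who holds the ADMIN OPTION.

```sql
-- Constructed schema and principals; PostgreSQL syntax is assumed.
CREATE TABLE Student (
    Sno   CHAR(9) PRIMARY KEY,
    Sname VARCHAR(20) NOT NULL,
    Sdept VARCHAR(20)
);
CREATE ROLE U1;   -- in PostgreSQL a user is a role; LOGIN is omitted here
CREATE ROLE U2;

-- 4.2.1: create the role that will carry the privileges.
CREATE ROLE R1;

-- 4.2.2: grant the privileges to the role rather than to individual users.
GRANT SELECT, INSERT ON TABLE Student TO R1;
GRANT UPDATE (Sdept) ON TABLE Student TO R1;   -- column-level: Sno is not updatable

-- 4.2.3: hand the role to users. Only U1 may pass R1 on to others.
GRANT R1 TO U1 WITH ADMIN OPTION;
GRANT R1 TO U2;

-- Check: U2 holds no direct grant on Student but inherits SELECT through R1.
SELECT has_table_privilege('u2', 'student', 'SELECT') AS u2_can_select;

-- 4.2.4: one REVOKE on the role removes INSERT from every member at once.
REVOKE INSERT ON TABLE Student FROM R1;
SELECT has_table_privilege('u1', 'student', 'INSERT') AS u1_can_insert,
       has_table_privilege('u2', 'student', 'INSERT') AS u2_can_insert;

-- Audit: list the members of R1 and which of them can re-grant it.
SELECT r.rolname AS role, m.rolname AS member, am.admin_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE r.rolname = 'r1';
```

Unquoted identifiers are folded to lower case in PostgreSQL, which is why the checks refer to 'u1', 'r1' and 'student'.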