adminsuperuser is created by default. The
adminsuperuser is granted all privileges on all database objects. Superusers can create new users that, by default, have no database object privileges.
ALLprivileges on a table created by that user.
user1by granting a role to
user1and by directly granting a privilege. This example presumes that
user1already exist, and that
user1has ACCESS privileges on the database where
r_selectrole. Any user granted the
r_selectrole gains the SELECT privilege.
user1the SELECT privilege on
user1the INSERT privilege on
GRANT ON TABLE
TRUNCATEprivilege or specify all privileges.
employeestable for the payrollDept role.
employeestable for user chris.
employeestable for the hrdept and accountsPayableDept roles.
employeestable for the role hrDept and for users dennis and mike.
REVOKE ON TABLE
TRUNCATEprivileges, or remove all privileges.
employeestable for the nonemployee role.
directorstable for the employee role.
directorstable for role employee and user laura.
employeestable for the role nonemployee and for users dennis and mike.
GRANT ON VIEW
DROPprivileges, or specify all privileges.
employeesview for the payrollDept role.
employeesview for the employee role and user venkat.
employeesview for the hrDept and acctPayableDept roles and users simon and dmitri.
REVOKE ON VIEW
SELECTprivileges, or remove all privileges.
employeesview for the nonemployee role.
directorsview for the employee role.
directorsview for the employee and manager role and for users ashish and lindsey.
GRANT ON DATABASE
companydbdatabase for the payrollDept role and user david.
companydbdatabase for the employee role.
companydbdatabase for the hrdept and manager role and for users irene and stephen.
REVOKE ON DATABASE
employeesdatabase for the nonemployee role.
directorsdatabase for the employee role and for user monica.
directorsdatabase for employee role and for users max and alex.
GRANT ON DASHBOARD
\dashcommand when logged in as superuser.
740for the payrollDept role.
730for the hrDept role and user dennis.
740for the hrDept and accountsPayableDept roles and for user pavan.
REVOKE ON DASHBOARD
740for the payrollDept role.
730for hrDept role and users dennis and mike.
740for the hrDept and accountsPayableDept roles and for users dante and jonathan.
table4are created as needed:
\dashcommand to list all dashboards and their unique IDs in Omnisci:
table2as a data source. The role
marketingDeptRole2has select privileges on that table. Grant view access on the
omnisql> \dash database omnisci Dashboard ID | Dashboard Name | Owner 1 | Marketing_Summary | omnisci
view_users_limited, in which users only see three of seven fields:
view_users_full, users see all seven fields.
readonly1sees no tables, only the specific view granted, and only the three specific columns returned in the view:
readonly2sees no tables, only the specific view granted, and all seven columns returned in the view: