Setting Permissions on Your Database Tables

You set object privileges — permissions on individual tables, views, and so forth — by modifying the GENESIS_AUTHS system table. GENESIS_AUTHS is created when you use the -pa option to xdbcutil or ainit when creating the system catalog. (While ainit defaults to -pa, you must specify -pa with xdbcutil.)

Like the database-level privileges described in Granting Database Privileges, this is done by issuing GRANT commands from an SQL query tool like xdbcquery. Use the SQL GRANT command to specify permissions for specific users. If a table is loaded into the PUBLIC schema (the default), all users have all access levels to the table. If a table is loaded into an alternate schema, the SQL GRANT statement must be executed on the table to give access permissions to individual users, or to all users if permission is granted to PUBLIC.

Note that different access permissions can be granted to different users. For example, one user may have just SELECT (or what we might call read-only) permissions, while a different user might have SELECT and UPDATE permissions (this user can modify data).

Setting permissions is often performed at the user site by a site administrator. If you would like to pre-set a group of permissions, the series of GRANT statements can be placed in a text file and then executed as a script using asql or xdbcquery. For details, see the topic GRANT (Database Privileges) command.