Object-Type Level Privileges Management

you can assign privileges at different levels of granularity on system and database objects to control access for users in the {{ocient}} system the levels are all objects of the specified object type in the system all objects of the specified object type in the database specific object this series of workflows shows how you can manage access to the view privilege for all views (where a view is the object type) in a specified database grant privileges this workflow creates a group and grants the view privilege to all views and the ability to read the views in the database to the group create the view analyst group you can see the created group using the sys groups system catalog table create group "view analyst"; grant the view privilege for views on the test database to the view analyst group grant view view on database "test" to group "view analyst"; grant the select privilege on the database to the group grant select on database "test" to group "view analyst"; view the granted privileges using the sys privileges system catalog table the ocient system grants the use privilege on the database implicitly select privilege, privilege target, object type, grantee, grantor from sys privileges where grantee = 'view analyst' and grantor != 'view analyst'; output privilege privilege target object type grantee grantor \ view view database view analyst admin\@system use null database view analyst admin\@system select null database view analyst admin\@system fetched 3 rows verify privileges this workflow creates a user, assigns this user to the created group, and creates a view with generated data the workflow shows the information that the user has access to in the database based on the granted privileges create the test user user create user test user password=' '; add the user to the view analyst group alter group "view analyst" add user test user; create the view view that selects five generated rows create view "test" "view" as (select from sys dummy5); connect to the database at the 10 10 1 1 ip address with port number 4050 as the test user user connect to jdbc\ ocient //10 10 1 1 4050/test;user=test user;password= ; view the privileges of the user using the sys privileges system catalog table this user has no privileges of their own select privilege, privilege target, object type, grantee, grantor from sys privileges where grantee = 'test user' and grantor != 'test user'; output privilege privilege target object type grantee grantor \ fetched 0 rows warning no data found see the metadata for views that the user has access to within this database the user has access to the test view only show views; output table catalog table schema table name view definition created at updated at creator id \ test test view select from sys dummy5 2025 02 19 14 53 53 513978712 2025 02 19 14 53 53 513978712 null fetched 1 row verify that the user can select the data in the view view select from "test" "view"; output c1 \ 1 2 3 4 5 fetched 5 rows related links docid\ asr8r6xqiyofgaz5qnbiw https //docs ocient com/system catalog docid\ xh 8jfelifhxgjnei ffy