Object-Type Level Privileges Management
You can assign privileges at different levels of granularity on system and database objects to control access for users in the System. The levels are:
- All objects of the specified object type in the system
- All objects of the specified object type in the database
- Specific object
This series of workflows shows how you can manage access to the VIEW privilege for all views (where a view is the object type) in a specified database.
This workflow creates a group and grants that group both the VIEW privilege on all views in the database and the ability to read those views.
Create the view_analyst group. You can see the created group using the sys.groups system catalog table.
Grant the VIEW privilege for views on the test database to the view_analyst group.
Grant the SELECT privilege on the database to the group.
View the granted privileges using the sys.privileges system catalog table. The Ocient System grants the USE privilege on the database implicitly.
Output
This workflow creates a user, assigns this user to the created group, and creates a view with generated data. The workflow shows the information that the user has access to in the database based on the granted privileges.
Create the test_user user.
Add the user to the view_analyst group.
Create the view view that selects five generated rows.
Connect to the database at the 10.10.1.1 IP address with port number 4050 as the test_user user.
View the privileges of the user using the sys.privileges system catalog table. This user has no privileges of their own.
Output
See the metadata for views that the user has access to within this database. The user has access to the test view only.
Output
Verify that the user can select the data in the view view.
Output
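The following added example is not Ocient code or output. It is a simplified Python model of the two workflows above, showing why an access review that reads only the rows for test_user finds nothing while the user can still see and read the view through view_analyst. Assumptions: the `Grant` record layout, the level names, and the rule that a privilege on a database applies to the objects inside it (taken from the SELECT step above).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    grantee: str                    # user or group name
    privilege: str                  # "VIEW", "SELECT", "USE", ...
    level: str                      # "system", "database" or "object"
    object_type: str                # "view", "database", ...
    database: Optional[str] = None  # set for "database" and "object" levels
    name: Optional[str] = None      # set for the "object" level only

# Constructed state mirroring the workflow (record layout is an assumption).
GROUPS = {"view_analyst": {"test_user"}}
GRANTS = [
    Grant("view_analyst", "VIEW", "database", "view", database="test"),
    Grant("view_analyst", "SELECT", "object", "database", "test", "test"),
    Grant("view_analyst", "USE", "object", "database", "test", "test"),  # implicit
]

def direct_grants(principal):
    """Grants recorded against the principal itself, not via its groups."""
    return [g for g in GRANTS if g.grantee == principal]

def principals(user):
    """The user plus every group the user belongs to."""
    return {user} | {grp for grp, members in GROUPS.items() if user in members}

def covers(g, object_type, database, name):
    """True when grant g reaches the given object."""
    if g.object_type == "database" and g.level == "object":
        # Assumption: a privilege on a database applies to objects inside it.
        return g.name == database
    if g.object_type != object_type:
        return False
    if g.level == "system":
        return True
    if g.level == "database":
        return g.database == database
    return g.database == database and g.name == name

def has_privilege(user, privilege, object_type, database, name):
    """Effective check: any matching grant held directly or through a group."""
    who = principals(user)
    return any(g.grantee in who and g.privilege == privilege
               and covers(g, object_type, database, name) for g in GRANTS)

if __name__ == "__main__":
    print(direct_grants("test_user"))
    print(has_privilege("test_user", "SELECT", "view", "test", "view"))
```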