> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ocient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Object-Type Level Privileges Management

export const Ocient = "Ocient®";

You can assign privileges at different levels of granularity on system and database objects to control access for users in the {Ocient} System. The levels are:

* All objects of the specified object type in the system
* All objects of the specified object type in the database
* Specific object

This series of workflows shows how you can manage access to the `VIEW` privilege for all views (where a view is the object type) in a specified database.

## Grant Privileges

This workflow creates a group and grants the `VIEW` privilege to all views and the ability to read the views in the database to the group.

<Steps>
  <Step>
    Create the `view_analyst` group. You can see the created group using the `sys.groups` system catalog table.

    ```sql SQL theme={null}
    CREATE GROUP "view_analyst";
    ```
  </Step>

  <Step>
    Grant the `VIEW` privilege for views on the `test` database to the `view_analyst` group.

    ```sql SQL theme={null}
    GRANT VIEW VIEW ON DATABASE "test" TO GROUP "view_analyst";
    ```
  </Step>

  <Step>
    Grant the `SELECT` privilege on the database to the group.

    ```sql SQL theme={null}
    GRANT SELECT ON DATABASE "test" TO GROUP "view_analyst";
    ```
  </Step>

  <Step>
    View the granted privileges using the `sys.privileges` system catalog table. The  Ocient System grants the `USE` privilege on the database implicitly.

    ```sql SQL theme={null}
    SELECT privilege, privilege_target, object_type,
        grantee, grantor
    FROM sys.privileges
    WHERE grantee = 'view_analyst' and grantor != 'view_analyst';
    ```

    *Output*

    ```none Text theme={null}
    privilege                                    privilege_target                             object_type                                  grantee                                      grantor
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    VIEW                                         VIEW                                         DATABASE                                     view_analyst                                 admin@system
    USE                                          NULL                                         DATABASE                                     view_analyst                                 admin@system
    SELECT                                       NULL                                         DATABASE                                     view_analyst                                 admin@system

    Fetched 3 rows
    ```
  </Step>
</Steps>

## Verify Privileges

This workflow creates a user, assigns this user to the created group, and creates a view with generated data. The workflow shows the information that the user has access to in the database based on the granted privileges.

<Steps>
  <Step>
    Create the `test_user` user.

    ```sql SQL theme={null}
     CREATE USER test_user PASSWORD='**';
    ```
  </Step>

  <Step>
    Add the user to the `view_analyst` group.

    ```sql SQL theme={null}
    ALTER GROUP "view_analyst" ADD USER test_user;
    ```
  </Step>

  <Step>
    Create the `view` view that selects five generated rows.

    ```sql SQL theme={null}
    CREATE VIEW "test"."view" AS (SELECT * FROM sys.dummy5);
    ```
  </Step>

  <Step>
    Connect to the database at the `10.10.1.1` IP address with port number `4050` as the `test_user` user.

    ```shell Shell theme={null}
    connect to jdbc:ocient://10.10.1.1:4050/test;user=test_user;password=**;
    ```
  </Step>

  <Step>
    View the privileges of the user using the `sys.privileges` system catalog table. This user has no privileges of their own.

    ```sql SQL theme={null}
    SELECT privilege, privilege_target, object_type, grantee, grantor
    FROM sys.privileges
    WHERE grantee = 'test_user' AND grantor != 'test_user';
    ```

    *Output*

    ```none Text theme={null}
    privilege                                    privilege_target                             object_type                                  grantee                                      grantor
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Fetched 0 rows
    Warning: No data found
    ```
  </Step>

  <Step>
    See the metadata for views that the user has access to within this database. The user has access to the `test` view only.

    ```sql SQL theme={null}
    SHOW VIEWS;
    ```

    *Output*

    ```none Text theme={null}
    table_catalog                                table_schema                                 table_name                                   view_definition                              created_at                   updated_at                   creator_id
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    test                                         test                                         view                                         select * from sys.dummy5                     2025-02-19 14:53:53.513978712 2025-02-19 14:53:53.513978712 NULL

    Fetched 1 row
    ```
  </Step>

  <Step>
    Verify that the user can select the data in the `view` view.

    ```sql SQL theme={null}
    SELECT * FROM "test"."view";
    ```

    *Output*

    ```none Text theme={null}
    c1
    -----------
    1
    2
    3
    4
    5

    Fetched 5 rows
    ```
  </Step>
</Steps>

## Related Links

[Data Control Language (DCL) Statement Reference](/data-control-language-dcl-statement-reference)

[System Catalog](/system-catalog)

[Generate Tables Using sys.dummy](/generate-tables-using-sys-dummy)
