Represents authorization information of classes for which the current user has access authorization to a database.
Attribute Name |
Data Type |
Description |
---|---|---|
grantor_name |
VARCHAR(255) |
Name of the user who grants authorization |
grantee_name |
VARCHAR(255) |
Name of the user who is granted authorization |
class_name |
VARCHAR(255) |
Name of the class for which authorization is to be granted |
auth_type |
VARCHAR(7) |
Name of the authorization type granted |
is_grantable |
VARCHAR(3) |
'YES' if authorization for the class can be granted to other users, and 'NO' otherwise. |
CREATE VCLASS db_auth (grantor_name, grantee_name, class_name, auth_type, is_grantable )
AS
SELECT CAST(a.grantor.name AS VARCHAR(255)),
CAST(a.grantee.name AS VARCHAR(255)),
a.class_of.class_name, a.auth_type,
CASE WHEN a.is_grantable = 0 THEN 'NO' ELSE 'YES' END
FROM _db_auth a
WHERE (CURRENT_USER = 'DBA' OR
{a.class_of.owner.name} subseteq (
SELECT set{CURRENT_USER} + coalesce(sum(set{t.g.name}), set{})
from db_user u, table(groups) as t(g)
where u.name = CURRENT_USER ) OR
{a.class_of} subseteq (
SELECT sum(set{au.class_of})
FROM _db_auth au
WHERE {au.grantee.name} subseteq (
SELECT set{CURRENT_USER} + coalesce(sum(set{t.g.name}), set{})
from db_user u, table(groups) as t(g)
where u.name = CURRENT_USER ) AND
au.auth_type = 'SELECT'));
The following example how to retrieve authorization information of the classes whose names begin with 'db_a'.
SELECT class_name, auth_type, grantor_name
FROM db_auth
WHERE class_name like 'db_a%'
ORDER BY 1;
class_name auth_type grantor_name
==================================================================
'db_attr_setdomain_elm' 'SELECT' 'DBA'
'db_attribute' 'SELECT' 'DBA'
'db_auth' 'SELECT' 'DBA'
'db_authorization' 'EXECUTE' 'DBA'
'db_authorization' 'SELECT' 'DBA'
'db_authorizations' 'EXECUTE' 'DBA'
'db_authorizations' 'SELECT' 'DBA'