Toad Edge provides a number of options related to user privileges and how to grant/revoke them. As a general overview, user privileges are granted/revoked on three levels.
- Server (global level)
- Database objects (tables, views, routines - procedures and functions)
These levels also represent a hierarchy where privileges on higher level are inherited at lower levels by default.
User privileges can be of several types:
- Inherited () - the privilege has been granted on higher level and it is not possible to revoke it on the current level
- Example: User has been granted the CREATE privilege on the server level. It appears as inherited on the database/object levels and cannot be revoked there. It can be granted again on lower levels although this is unnecessary
- Granted & Inherited () - this privilege has been granted on higher level and also on the current level
- Example: User has been granted the SELECT privilege on the server level and then again on the database level. It appears as granted & inherited on the database level
- Granted () - the privilege has been granted on the current level and can be revoked
- Example: User has been granted the UPDATE privilege on the object level. It appears as granted on the object level, and it can be revoked
- Revoked (blank value) - the privilege has not been granted on any level
- Example: User has been revoked the EXECUTE privilege on the database level. It appears as revoked on the object level. It also appears as revoked on the server level as if it were granted on the server level, it could not be revoked on the database level in the first place
The following table describes how privileges set on higher levels affect privileges on the other levels:
|Granted & Inherited