Toad Edge provides a number of options related to user privileges and how to grant/revoke them. As a general overview, user privileges are granted/revoked on three levels.
These levels also represent a hierarchy where privileges on higher level are inherited at lower levels by default.
User privileges can be of several types:
The following table describes how privileges set on higher levels affect privileges on the other levels:
Higher level | Current level | Lower level |
---|---|---|
Granted | Inherited (granted) | Inherited (granted) |
Revoked | Inherited (revoked) | Inherited (revoked) |
Revoked | Granted | Inherited (granted) |
Granted | Granted & Inherited | Inherited (granted) |
Toad Edge allows you to examine currently configured privileges from two views:
To examine privileges of a user
To examine privileges of an object
Button | Option | Description |
---|---|---|
Modify Privileges | Opens a dialog where you can grant/revoke privileges to each individual object | |
Add Wildcard Pattern Privileges | Opens a dialog where you can configure Wildcard patterns privileges | |
Add Proxy User Privileges | Opens a dialog where you can set up Proxy user privileges | |
Revoke Privileges | Revokes the selected privilege for the selected object |
Button | Option | Description |
---|---|---|
Modify Privileges | Opens a dialog where you can grant/revoke privileges of any user to the object | |
Open Script in Worksheet | Opens the privilege configuration script of the selected user to the object in Worksheet | |
Open Script Generation Settings | Allows you to enable/disable inclusion of inherited privileges in the generated privilege script. When disabled, only granted or granted & inherited privileges will be included | |
Open User Detail | Opens the User Detail of the selected user | |
Filter Unprivileged | Hides users that have not been granted any privileges |
|
NOTE: Privileges that are set using these methods are NOT visible in the Privileges tab in User Detail and Object Detail. |
Wildcard pattern privileges offer a way to grant privileges for multiple databases at once. The condition is that the database names must match a specific wildcard.
To set wildcard pattern privileges for databases
|
NOTE: Setting database privileges using wildcards has a side effect. You are not able to revoke privileges to a particular database from the set of databases that match the wildcard. Consider the following example. A user has been granted the SELECT privilege to all databases which match the "test\_%" wildcard. There are three such databases - test_tables, test_views and test_routines. In this situation, you are not able to revoke the privilege for any one of the three databases, such as test_tables. |
Using proxies, users are able to use privileges of other users. In this operation, there are two sides:
To add proxy user privileges
© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy