Toad Edge provides a number of options related to user privileges and how to grant/revoke them. As a general overview, user privileges are granted/revoked on three levels.
These levels also represent a hierarchy where privileges on higher level are inherited at lower levels by default.
User privileges can be of several types:
The following table describes how privileges set on higher levels affect privileges on the other levels:
|Higher level||Current level||Lower level|
|Granted||Inherited (granted)||Inherited (granted)|
|Revoked||Inherited (revoked)||Inherited (revoked)|
|Granted||Granted & Inherited||Inherited (granted)|
Toad Edge allows you to examine currently configured privileges from two views:
To examine privileges of a user
To examine privileges of an object
|Modify Privileges||Opens a dialog where you can grant/revoke privileges to each individual object|
|Add Wildcard Pattern Privileges||Opens a dialog where you can configure Wildcard patterns privileges|
|Add Proxy User Privileges||Opens a dialog where you can set up Proxy user privileges|
|Revoke Privileges||Revokes the selected privilege for the selected object|
|Modify Privileges||Opens a dialog where you can grant/revoke privileges of any user to the object|
|Open Script in Worksheet||Opens the privilege configuration script of the selected user to the object in Worksheet|
|Open Script Generation Settings||Allows you to enable/disable inclusion of inherited privileges in the generated privilege script. When disabled, only granted or granted & inherited privileges will be included|
|Open User Detail||Opens the User Detail of the selected user|
|Filter Unprivileged||Hides users that have not been granted any privileges|
NOTE: Privileges that are set using these methods are NOT visible in the Privileges tab in User Detail and Object Detail.
Wildcard pattern privileges offer a way to grant privileges for multiple databases at once. The condition is that the database names must match a specific wildcard.
To set wildcard pattern privileges for databases
NOTE: Setting database privileges using wildcards has a side effect. You are not able to revoke privileges to a particular database from the set of databases that match the wildcard. Consider the following example.
A user has been granted the SELECT privilege to all databases which match the "test\_%" wildcard. There are three such databases - test_tables, test_views and test_routines. In this situation, you are not able to revoke the privilege for any one of the three databases, such as test_tables.
Using proxies, users are able to use privileges of other users. In this operation, there are two sides:
To add proxy user privileges