5. Database User Roles and Permissions

Questions and Answers

What is the purpose of the CREATE USER command in a system?

The CREATE USER command is used to create a new user in the system with a specified username and password.

Explain the function of the GRANT command.

The GRANT command assigns specific access rights such as SELECT, INSERT, UPDATE, or DELETE to a user for a designated table.

What distinguishes an administrator from a regular user in terms of permissions?

An administrator has all permissions within the system, including the ability to create users, while regular users have limited permissions.

How can you revoke a user's permissions, and which command is used?

You can revoke a user's permissions using the REVOKE command, which removes specified rights from the user.

What is meant by roles in the context of user management in a system?

Roles represent a type of user within the system that simplifies the assignment of permissions by grouping them together.

Flashcards

Creating a User

Adding a user account to a system with specific access privileges.

User Permissions (GRANT)

Giving specific rights (e.g., read, write) to a user on a particular table in a database. The GRANT command controls what a user can do in the system.

Advanced Permissions

Granting rights to modify table structures, database schemas or other sensitive operations.

Administrator Privileges

Holding comprehensive access rights, including user creation and management in the whole database.

User Roles

Defining different user types or categories with predefined sets of permissions.

Study Notes

User Roles and Permissions

• Users are created in systems for different access levels
• Standard systems have more than one user
• User creation commands are used to add users
• CREATE USER user PASSWORD 'password' is a command to create a user with a password
• user is the username
• password is the user's password
• Example: CREATE USER vardenis PASSWORD 'nevardenis'

User Permissions

• Users are given permissions based on their needs.
• Standard systems have different user types (e.g., basic vs. administrator)
• Command GRANT SELECT [, INSERT, UPDATE, DELETE] ON TABLE_NAME TO user grants permissions
• SELECT, INSERT, UPDATE, DELETE are permission types
• Example: GRANT SELECT, DELETE ON darbuotojai TO vardenis grants select and delete permissions on the 'darbuotojai' table to the 'vardenis' user

Advanced Permissions

• To alter table structures, special commands are needed
• Other permission commands like GRANT ALTER ANY SCHEMA TO user provide advanced permissions
• ALTER gives editing permissions
• REVOKE ALTER ANY SCHEMA FROM user revokes advanced permissions

Administrator Permissions

• Administrators have all permissions (and add user creation permissions)
• Administrator commands include ALTER USER user ADMIN true
• These are usually not given to all users due to security concerns

User Roles

• A role is a user type.
• New users receive appropriate permissions.
• Using roles avoids needing separate grant statements for each user
• Roles are created using CREATE ROLE ROLE_NAME
• Role assignment uses GRANT ROLE_NAME TO user
• ROLE_NAME is the role