Authorization

Authorization

Authorization is the process of giving someone permission to do or have Something. 

Authorization is the function of specifying access rights/privileges to resources, which is related to information security and computer security in general and to access control in particular.

A user may assign a user several forms of authorizations on parts of the database.

Authorizations on data include:

• Authorization to read data.

• Authorization to insert new data.

• Authorization to update data.

• Authorization to delete data.

Each of these types of authorizations is called a privilege.

The user can be authorized with all, none, or a combination of these types of privileges on specified parts of a database, such as a relation or a view.

In addition to authorizations on data, users may also be granted authorizations on the database schema, allowing them, for example, to create, modify, or drop relations. A user who has some form of authorization may be allowed to pass on (grant) this authorization to other users, or to withdraw (revoke) an authorization that was granted earlier.

Granting and Revoking of Privileges

The SQL standard includes the privileges select, insert, update, and delete. The privilege all privileges can be used as a short form for all the allowable privileges.

The SQL data-definition language includes commands to grant and revoke privileges. The grant statement is used to confer authorization. The basic form of this statement is:

grant <privilege list>

on <relation name or view name>

to <user/role list>;                

Example:

grant select on department to Ashraf, Suresh;

grant update (budget) on department to Ashraf, Suresh;

To revoke an authorization, we use the revoke statement. It takes a form almost identical to that of grant:

revoke <privilege list>

on <relation name or view name>

from <user/role list>;