Column- or entry-level access rights can provide additional access in two ways: by extending the rights to additional principals or by providing additional rights to the same principals. Of course, both ways can be combined. The following are some examples.
Assume a table object granted read rights to the table's owner:

Table 10-1 Table, Column, Entry Example 1

| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |

This means that the table's owner could read the contents of the entire table but no one else could read anything. You could then specify that Entry-2 of the table grant read rights to the group class:

Table 10-2 Table, Column, Entry Example 2

| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |
| Entry-2 Access Rights: | ---- | ---- | r--- | ---- |

Although only the owner could read all the contents of the table, any member of the table's group could read the contents of that particular entry. Now, assume that a particular column granted read rights to the world class:

Table 10-3 Table, Column, Entry Example 3

| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |
| Entry-2 Access Rights: | ---- | ---- | r--- | ---- |
| Column-1 Access Rights: | ---- | ---- | ---- | r--- |

Members of the world class could now read that column for all entries in the table (light shading in Table 10-4). Members of the group class could read everything in Column-1 (because members of the group class are also members of the world class) and also all columns of Entry-2 (dark shading in Table 10-4). Neither the world nor the group classes could read any cells marked *NP* (for Not Permitted).

Table 10-4 Table, Column, Entry Example 4

| | Col 1 | Col 2 | Col 3 |
|---|---|---|---|
| Entry-1 | contents | *NP* | *NP* |
| Entry-2 | contents | contents | contents |
| Entry-3 | contents | *NP* | *NP* |
| Entry-4 | contents | *NP* | *NP* |
| Entry-5 | contents | *NP* | *NP* |
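
The following is an added example, not code from the original documentation: a small Python model of the grants in Table 10-3 that computes which cells each class can read, treating the table, entry and column rights as purely additive. The names `Column-2` and `Column-3`, and all function names, are assumptions made for the illustration.

```python
"""Added illustration: how table, entry and column grants combine per cell."""
CLASSES = ("nobody", "owner", "group", "world")
ENTRIES = [f"Entry-{i}" for i in range(1, 6)]
# Column-1 is named on the page; Column-2 and Column-3 are constructed names.
COLUMNS = ["Column-1", "Column-2", "Column-3"]

def rights(*per_class):
    """Map the page's rights strings (nobody, owner, group, world) to classes."""
    return dict(zip(CLASSES, per_class))

# Grants taken from Table 10-3.
TABLE_RIGHTS = rights("----", "r---", "----", "----")
ENTRY_RIGHTS = {"Entry-2": rights("----", "----", "r---", "----")}
COLUMN_RIGHTS = {"Column-1": rights("----", "----", "----", "r---")}

# Classes whose grants apply to a principal of each class. The only
# relation the page states is that group members are also world members.
APPLIES = {
    "nobody": ("nobody",),
    "owner": ("owner",),
    "group": ("group", "world"),
    "world": ("world",),
}

def can_read(principal_class, entry, column):
    """Read is allowed if the table, the entry or the column grants it."""
    levels = (TABLE_RIGHTS,
              ENTRY_RIGHTS.get(entry, {}),
              COLUMN_RIGHTS.get(column, {}))
    return any("r" in level.get(cls, "")
               for level in levels
               for cls in APPLIES[principal_class])

def visible_cells(principal_class):
    """Set of (entry, column) pairs the class can read."""
    return {(e, c) for e in ENTRIES for c in COLUMNS
            if can_read(principal_class, e, c)}

def render(principal_class):
    """Lay the result out in the style of Table 10-4."""
    return "\n".join(
        f"{e}: " + " | ".join(
            "contents" if can_read(principal_class, e, c) else "*NP*"
            for c in COLUMNS)
        for e in ENTRIES)

if __name__ == "__main__":
    for cls in ("world", "group", "owner"):
        print(f"--- {cls} ---\n{render(cls)}")
```
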