Database-level system roles are applicable to databases. The following roles have a database-wide scope and are available when assigning minimum database permissions:
no_access—No access to the database (if assigned using alter database) or to any databases in the application (if assigned using alter application).
read—Read-only access to the database (if assigned using alter database) or to all databases in the application (if assigned using alter application). Read access means ability to view files, retrieve data values, and run report scripts.
write—Write access to the database (if assigned using alter database) or to all databases in the application (if assigned using alter application). Write access means ability to update data values, in addition to having Read access.
execute—Calculate access to the database (if assigned using alter database) or to all databases in the application (if assigned using alter application). Calculate access means ability to update data values, in addition to having Read and Write access.
manager—Manager access to the database (if assigned using alter database) or to all databases in the application (if assigned using alter application). Manager access means ability to modify database outlines, in addition to having Read and Write access.
The following database-level system roles are available for granting to users and groups:
no_access—No access to the database.
read—Read-only access to the database. Read access means ability to view files, retrieve data values, and run report scripts.
write—Write access to the database. Write access means ability to update data values, in addition to having Read access.
manager—Manager access to the database. Manager access means ability to modify database outlines, in addition to having Read and Write access.
Note: | After granting read, write, or manager privilege to a user or group, these can be revoked by subsequently granting no_access. However, to prevent users from being able to load the application, you should also grant no_access at the application level. For example: |
/* Grant read permission on a database */ grant read on database Sample.Basic to user1; /* Revoke read permission on the database */ grant no_access on database Sample.Basic to user1; /* Revoke read permission at the application level, to remove application-startup permission */ grant no_access on application Sample to user1;