Db2 简明教程

DB2 - Roles

Introduction

角色是一个可以分配给用户、组、PUBLIC 或其他角色的多个权限的数据库对象,这通过使用 GRANT 语句来实现。

A role is a database object that groups multiple privileges that can be assigned to users, groups, PUBLIC or other roles by using GRANT statement.

Restrictions on roles

  1. A role cannot own database objects.

  2. Permissions and roles granted to groups are not considered when you create the following database objects. Package Containing static SQLViewsMaterialized Query Tables (MQT)TriggersSQL Routines

Creating and granting membership in roles

Syntax: [创建新角色]

Syntax: [To create a new role]

db2 create role <role_name>

Example : [创建名为“sales”的新角色以添加某些表,这些表将由某些用户或组管理]

Example: [To create a new role named ‘sales’ to add some table to be managed by some user or group]

db2 create role sales

Output:

Output:

DB20000I The SQL command completed successfully.

Granting role from DBADM to a particular table

Syntax: [向表授予角色的权限]

Syntax: [To grant permission of a role to a table]

db2 grant select on table <table_name> to role <role_name>

Example : [向角色“sales”添加管理表“shope.books”的权限]

Example: [To add permission to manage a table ‘shope.books’ to role ‘sales’]

db2 grant select on table shope.books to role sales

Output:

Output:

DB20000I  The SQL command completed successfully.

安全管理员向必需用户授予角色。(在你使用此命令之前,你需要创建用户。)

Security administrator grants role to the required users. (Before you use this command, you need to create the users.)

Syntax: [向角色添加用户]

Syntax: [To add users to a role]

db2 grant role <role_name> to user <username>

Example : [向角色“sales”添加用户“mastanvali”]

Example: [To add a user ‘mastanvali’ to a role ‘sales’]

db2 grant sales to user mastanvali

Output:

Output:

DB20000I  The SQL command completed successfully.

Role hierarchies

要为角色创建层级结构,需要向每个角色授予权限/成员资格,以便与另一个角色关联。

For creating a hierarchies for roles, each role is granted permissions/ membership with another role.

Syntax: [在此语法之前,创建一个名为“production”的新角色]

Syntax: [before this syntax create a new role with name of “production”]

db2 grant role <roll_name> to role <role_name>

Example : [向另一个角色“production”提供角色“sales”的权限]

Example: [To provide permission of a role ‘sales’ to another role ‘production’]

db2 grant sales to role production