> For the complete documentation index, see [llms.txt](https://vikram-bajaj.gitbook.io/cs-gy-6083-principles-of-database-systems/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://vikram-bajaj.gitbook.io/cs-gy-6083-principles-of-database-systems/sql/intermediate-sql/authorization.md). # Authorization ## Forms of authorization on parts of the database * **Read** - allows reading, but not modification of data * **Insert** - allows insertion of new data, but not modification of existing data * **Update** - allows modification, but not deletion of data * **Delete** - allows deletion of data ## Forms of authorization to modify the database schema * **Index** - allows creation and deletion of indices * **Resources** - allows creation of new relations * **Alteration** - allows addition or deletion of attributes in a relation * **Drop** - allows deletion of relations ## Granting Privileges The **grant** statement is used to confer authorization: ``` grant on to ``` \ is: * a user-id * public, which allows all valid users the privilege granted * a role: `create role instructor1` `grant select on relation to instructor1` Granting a privilege on a view does not imply granting any privileges on the underlying relations! The grantor of the privilege must already hold the privilege on the specified item (or be the database administrator). The following privileges can be granted: * **select**: allows read access to relation, or the ability to query using the view * **insert**: the ability to insert tuples * **update**: the ability to update using the SQL update statement * **delete**: the ability to delete tuples * **all privileges**: used as a short form for all the allowable privileges ## Revoking Authorization The **revoke** statement is used to revoke authorization. ``` revoke on from ``` \ may be all to revoke all privileges the revokee may hold If \ includes public, all users lose the privilege except those having them granted explicitly If the same privilege was granted twice to the same user by different grantees, the user may retain the privilege after the revocation All privileges that depend on the privilege being revoked are also revoked --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://vikram-bajaj.gitbook.io/cs-gy-6083-principles-of-database-systems/sql/intermediate-sql/authorization.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.