The grantee specifies the user (or several users) or role to which privileges are granted with the GRANT statement or from which they are revoked with the REVOKE statement.
<grantee> ::= PUBLIC | <user_name> | <usergroup_name> | <role_name>
user_name, usergroup_name, role_name
A user in the grantee list must not be identical to the user name of the current user or the name of the owner of the table. A user in the grantee list must not denote a member of a usergroup.
If a role is assigned to a user or usergroup, it extends the set of roles which can be activated for this user or usergroup. The user activates the role either with the SET statement or by using the ALTER USER statement or ALTER USERGROUP statement to include the role in the set of roles that are activated automatically when a session is opened.
Assigning a role to a role must not create a cycle, that is:
· a role cannot be assigned to itself.
· if a role R1 is assigned to a role R2, R2 may not be assigned to R1.
· if a role R1 is assigned to a role R2 and R2 is assigned to a role R3, R3 may not be assigned to either R2 or R1.
· etc.
PUBLIC
The listed privileges are granted to all users, both current ones and any created later.
A role cannot be assigned to PUBLIC.
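The role-assignment rules above (no cycles, no assignment to PUBLIC) can be checked before a GRANT is issued by treating assignments as a directed graph. The following is an added example, not code from the database product; the function names and the sample assignments (including the user ALICE) are hypothetical.

```python
# Added example: models role assignments as a directed graph.
# check_role_grant, holds and apply_grants are hypothetical names, not database APIs.

def holds(assigned, start, target):
    """True if `target` is among the roles `start` holds, directly or transitively."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for role in assigned.get(node, ()):
            if role == target:
                return True
            if role not in seen:
                seen.add(role)
                stack.append(role)
    return False

def check_role_grant(assigned, role, grantee):
    """Return None if assigning `role` to `grantee` is allowed, else the reason it is not."""
    if grantee.upper() == "PUBLIC":
        return "a role cannot be assigned to PUBLIC"
    if role == grantee:
        return "a role cannot be assigned to itself"
    if holds(assigned, role, grantee):
        return f"cycle: {role} already holds {grantee}"
    return None

def apply_grants(grants):
    """Apply (role, grantee) pairs in order; return accepted state and rejections."""
    assigned, rejected = {}, []
    for role, grantee in grants:
        reason = check_role_grant(assigned, role, grantee)
        if reason:
            rejected.append((role, grantee, reason))
        else:
            assigned.setdefault(grantee, set()).add(role)
    return assigned, rejected

# Constructed sample: R1 is assigned to R2, R2 to R3, then four invalid attempts
# and one valid assignment to a user.
SAMPLE = [("R1", "R2"), ("R2", "R3"), ("R3", "R1"), ("R3", "R2"),
          ("R1", "R1"), ("R1", "PUBLIC"), ("R1", "ALICE")]

if __name__ == "__main__":
    state, rejected = apply_grants(SAMPLE)
    for role, grantee, reason in rejected:
        print(f"GRANT {role} TO {grantee}: rejected ({reason})")
```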