A privilege specification (priv_spec) defines a role or a set of privileges for specific tables.
<priv_spec> ::=
  ALL [PRIV[ILEGES]] ON [TABLE] <table_name>,...
| <privilege>,... ON [TABLE] <table_name>,...
| <role_name>
table name, privilege, role name
The specified tables must not be temporary base tables.
The user must have the authorization to grant (GRANT statement) and revoke (REVOKE statement) privileges for the specified tables. For base tables, the owner of the table has this authorization.
In the case of view tables, the owner may not always be authorized to grant or revoke all privileges. The database determines the privileges that a user can grant or revoke for a view table when the table is created. The result depends on the type of table and on the user's privileges for the tables selected in the view table. The owner of a table can find out which privileges he or she is allowed to grant or revoke by selecting from the system table DOMAIN.PRIVILEGES.
A list of all the privileges that can be granted is provided in the description of the privilege type.
If a role is defined as a privilege specification, it must exist and the current user must be the owner of the role.
If ALL is specified, all of the privileges that the user can grant for the specified tables are granted (GRANT statement) to or revoked (REVOKE statement) from the specified users, user groups, and roles.
If a user who is not the owner of the table specifies ALL in a REVOKE statement, all of the privileges he or she has granted to the specified user for this table are revoked.
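The three forms of priv_spec in use, as an added example that is not part of the original documentation. The schema, table, user and role names (hr.employee, hr.department, report_user, hr_reader) are constructed for illustration, and the example assumes the usual GRANT ... TO and REVOKE ... FROM statement forms.

```sql
-- Added example with constructed names. Run each statement separately;
-- statement terminators depend on the SQL client in use.

-- Explicit privilege list on several tables: grants only what is named.
GRANT SELECT, UPDATE ON TABLE hr.employee, hr.department TO report_user

-- ALL: grants every privilege the current user is able to grant on the table.
-- The keywords PRIVILEGES and TABLE are optional.
GRANT ALL PRIVILEGES ON hr.department TO report_user

-- Role as the privilege specification: the role must exist and the
-- current user must own it, so it is created here first.
CREATE ROLE hr_reader
GRANT SELECT ON hr.employee TO hr_reader
GRANT hr_reader TO report_user

-- Before granting on a view table, check which privileges the current
-- user is allowed to grant or revoke.
SELECT * FROM DOMAIN.PRIVILEGES

-- Revoking uses the same privilege specifications.
REVOKE UPDATE ON hr.employee FROM report_user

-- Issued by a non-owner, ALL revokes only the privileges that this user
-- granted to report_user for the table.
REVOKE ALL ON hr.department FROM report_user

REVOKE hr_reader FROM report_user
```

Because ALL expands to whatever the grantor can grant at that moment, an explicit privilege list keeps the resulting grant reviewable and closer to least privilege.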