When a database object is created, it is assigned an owner. The owner is the user that executed the creation statement. By default, only the owner and a DBA user can do anything with the database object. To allow other users to use it, privileges must be granted.
There are several possible privileges:
Privileges are assigned to database objects or to the whole database. For every privilege, the table below lists all kinds of database objects (or the whole database) it can be assigned to.
In addition, the keyword ALL denotes all possible privileges that can be granted to the specified object.
Note that granting the DROP privilege on a collection to a user means that the user can drop any document in this collection (there is no such kind of database object as 'document in collection'). The LOAD privilege on the database allows a user to load standalone documents; the LOAD privilege on a collection allows a user to load documents into the collection.
A role is a named group of related privileges. Roles provide an easy and controlled way to manage privileges. To create a role, use the CREATE ROLE statement:
CREATE ROLE "role-name"
This statement creates a role named role-name. A newly created role does not contain any privileges. It is not recommended to create a role with the name of an existing user (in this case privileges will be granted both to this user and to this role).
The names "DBA" and "PUBLIC" cannot be used for roles, as they are reserved by the system.
To destroy a role, use DROP ROLE:
DROP ROLE "role-name"
The role is automatically revoked from any user it was granted to.
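A pre-flight check for the role naming rules above, as an added example that is not part of the original documentation: it scans a script of CREATE ROLE and DROP ROLE statements and reports reserved names and roles that share a name with an existing user. The function name `lint_role_script`, the one-statement-per-line layout, the caller-supplied user list and the case-insensitive match on reserved names are assumptions of this example.

```python
import re

# Names the text says are reserved by the system.
RESERVED = {"DBA", "PUBLIC"}
# Matches the two statement forms shown above, one statement per line (assumption).
STMT = re.compile(r'^\s*(CREATE|DROP)\s+ROLE\s+"([^"]+)"\s*$', re.IGNORECASE)

def lint_role_script(script, existing_users, existing_roles=()):
    """Return (line_no, message) findings for a CREATE/DROP ROLE script."""
    users, roles = set(existing_users), set(existing_roles)
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if not line.strip():
            continue
        m = STMT.match(line)
        if not m:
            findings.append((no, "unrecognized statement"))
            continue
        verb, name = m.group(1).upper(), m.group(2)
        if verb == "CREATE":
            # Reserved names: compared case-insensitively as the cautious choice (assumption).
            if name.upper() in RESERVED:
                findings.append((no, f"reserved role name {name!r}"))
                continue
            # Shared name: privileges granted to it reach both the user and the role.
            if name in users:
                findings.append((no, f"role {name!r} has the name of an existing user"))
            # Script consistency check, not a statement about database behaviour.
            if name in roles:
                findings.append((no, f"role {name!r} is created twice"))
            roles.add(name)
        else:
            # Dropping a role revokes it from every user it was granted to,
            # so a DROP of a name the script never created deserves a second look.
            if name not in roles:
                findings.append((no, f"DROP of role {name!r} not known to this script"))
            roles.discard(name)
    return findings

# Constructed sample input.
SAMPLE_USERS = ["alice", "bob"]
SAMPLE_SCRIPT = '''CREATE ROLE "readers"
CREATE ROLE "alice"
CREATE ROLE "PUBLIC"
DROP ROLE "readers"
DROP ROLE "auditors"
'''

if __name__ == "__main__":
    for line_no, message in lint_role_script(SAMPLE_SCRIPT, SAMPLE_USERS):
        print(f"line {line_no}: {message}")
```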