The Pyrrho Database Management System

Malcolm Crowe, University of the West of Scotland

 

Pyrrho SQL syntax

Access Control

Grant = GRANT Privileges TO GranteeList [ WITH GRANT OPTION ]
| GRANT Role_id { ',' Role_id } TO GranteeList [ WITH ADMIN OPTION ] .

Revoke = REVOKE [GRANT OPTION FOR] Privileges FROM GranteeList
| REVOKE [ADMIN OPTION FOR] Role_id { ',' Role_id } FROM GranteeList .

Revoke withdraws the specified privileges in a cascade, irrespective of the origin of any privileges held by the affected grantees: this is a change to SQL2011 behaviour.

Privileges = ObjectPrivileges ON ObjectName
| PASSWORD [id] [FOR Role_id ].

The Password privilege (Pyrrho specific) is for access to the database using HTTP, and can only be granted by the database owner. If the password field is blank it will be set by the next request from this user. The optional role identifier provides an initial role for access and implies a grant of the role to the user.

ObjectName = TABLE id
| DOMAIN id
| TYPE id
| Routine
| VIEW id
| DATABASE .

Routine = PROCEDURE id [DataTypeList]
| FUNCTION id [DataTypeList]
| [ MethodType ] METHOD id [DataTypeList] [FOR id ]
| TRIGGER id .

DataTypeList = '('Type, {',' Type }')' .

ObjectPrivileges = ALL PRIVILEGES | Action { ',' Action } .

Action = SELECT [ '(' id { ',' id } ')' ]
| DELETE
| INSERT [ '('' id { ',' id } ')' ]
| UPDATE [ '(' id { ',' id } ')' ]
| REFERENCES [ '(' id { ',' id } ')' ]
| USAGE
| TRIGGER
| EXECUTE
| OWNER .

Owner is added to allow ownership of database objects to be transferred to another user or role (not PUBLIC), or to establish a new owner for the database.

GranteeList = PUBLIC | Grantee { ',' Grantee } .

Grantee = [USER] id
| ROLE id .