In this chapter, we describe the features that SQL offers for protecting data in the tables against deliberate or accidental unauthorized use. For the security of data, SQL users, passwords, and privileges are required.
SQL users must be known to SQL before they can access the database data. In Chapter 3, “Installing the Software,” we showed you how one user is created automatically during SQL installation. In Chapter 4, “SQL in a Nutshell,” we showed how a new SQL user called BOOKSQL
was introduced. Logging on to SQL without an existing user name is just not possible.
To each SQL user, a password can be assigned. When a password is required, accessing the database data becomes even more difficult because the name of an SQL user is no longer sufficient. After following the procedure to install the sample database as described in this book, the user BOOKSQL
has the password BOOKSQLPW
. You have probably entered this password many times, and you already have discovered what happens if you make a typing error: no access!
New SQL users are not allowed to access tables belonging to other SQL users, even with the SELECT
statement. Nor can they create their own tables. New SQL users must explicitly be granted privileges. We can indicate, for example, that an SQL user is allowed to query a certain table or change specific columns of a table. Another SQL user might be allowed to create tables, and the third to create and remove complete databases.
The privileges that can be granted are divided into four groups:
Column privileges relate to one specific column of a table—for example, the privilege to update the values in the AMOUNT
column of the PENALTIES
table with UPDATE
statements.
Table privileges relate to all data of one specific table—for example, the privilege to query all the data of the PLAYERS
table with SELECT
statements.
Database privileges relate to all tables of one specific database—for example, the privilege to create new tables in the existing TENNIS
database.
User privileges relate to all databases that are known to SQL—for example, the privilege to remove existing databases or to create new ones.
In this chapter, we explain how new SQL users can be entered and how privileges can be assigned with the GRANT
statement. All privileges are stored in the catalog, of course. We also describe how privileges can be recalled with the REVOKE
statement and how SQL users can be removed from the catalog.
In the following sections of this chapter, we use the term user instead of the somewhat longer SQL user, for convenience; see Section 4.3, in Chapter 4, to find out the difference between the two.
Besides BOOKSQL
, we can add other users. In Section 4.13, in Chapter 4, we used an example to show how a new user can be added. In this section, we explain it in more detail.
To add new users in the catalog, SQL uses the simple CREATE USER
statement.
<create user statement> ::= CREATE USER <user name> IDENTIFIED BY <password> <user name> ; <password> ::= <name> |
In a CREATE USER
statement, a username and a password are entered. In most SQL products, the username is just a name consisting of letters and numbers. The password is a simple name as well.
Example 23.1. Introduce two new users: CHRIS
with the password CHRISSEC
, and PAUL
with the password LUAP
.
CREATE USER CHRIS IDENTIFIED BY CHRISSEC CREATE USER PAUL IDENTIFIED BY LUAP
Products such as DB2 and Oracle can process both statements without any problem. On the other hand, they do not work with MySQL because the definitions of the concepts username and password differ; see the following definition:
<user name> ::= <name> | '<name>' | '<name>'@'<host name>' <password> ::= <alphanumeric literal> |
The first difference is that, in MySQL, the password must be placed between quotation marks. The second difference is that if the username is specified as a name, for example as CHRIS
, this name is changed to the specification 'CHRIS'@'%'
. The first statement in the previous code could have been written in full as follows:
CREATE USER 'CHRIS'@'%' IDENTIFIED BY 'CHRISSEC'
The specification behind the @
sign represents the name of the host. Users log on from a certain machine. The machine on which the database server runs is called localhost. We used this specification in Chapter 4 for the user BOOKSQL
. After the following CREATE USER
statement, for example, user SAM
can log on only from the machine called TEST
. From the previous statement, CHRIS
is allowed to log on from any machine.
CREATE USER 'SAM'@'TEST' IDENTIFIED BY 'CHRISSEC'
Users who have just been introduced do not have many privileges yet. They can log on to SQL and perform all operations for which no privileges are required. For example, they can use the HELP
function or execute a COMMIT
statement. However, whether they can access tables remains to be seen.
Each user has the right to use the ALTER USER
statement to change his or her password.
<alter user statement> ::= ALTER USER <user name> IDENTIFIED BY <password> |
If the removed user has created tables and indexes, what happens next depends on the product. SQL removes only users who are not the owner of any database object. Therefore, these objects have to be removed first. Many other SQL products work like this. Other products drop the user but keep all tables and indexes of this user. Finally, some products remove the user together with all his or her database objects.
SQL supports the following table privileges.
SELECT
—. This privilege gives a user the right to access the specified table with the SELECT
statement. He or she can also include the table in a view formula. However, a user must have the SELECT
privilege for every table (or view) specified in a view formula.
INSERT
—. This privilege gives a user the right to add rows to the specified table with the INSERT
statement.
DELETE
—. This privilege gives a user the right to remove rows from the specified table with the DELETE
statement.
UPDATE
—. This privilege gives a user the right to change values in the specified table with the UPDATE
statement.
REFERENCES
—. This privilege gives a user the right to create foreign keys that refer to the specified table.
ALTER
—. This privilege gives a user the right to change the table with the ALTER TABLE
statement.
INDEX
—. This privilege gives a user the right to define indexes on the table.
ALL
or ALL PRIVILEGES
—. This privilege is a shortened form for all the privileges just named.
A table privilege may be granted only by users who have enough privileges themselves.
<grant statement> ::= <grant table privilege statement> <grant table privilege statement> ::= GRANT <table privileges> ON <table specification> TO <grantees> [ WITH GRANT OPTION ] <table privileges> ::= ALL [ PRIVILEGES ] | <table privilege> [ { , <table privilege> }... ] <table privilege> ::= SELECT | INSERT | DELETE | UPDATE [ <column list> ] | REFERENCES [ <column list> ] | ALTER | INDEX <column list> ::= ( <column name> [ { , <column name> }... ] ) <grantees> ::= PUBLIC | <user name> [ { , <user name> }... ] |
Here are a few examples of how table privileges must be granted. We assume, unless otherwise mentioned, that the user called BOOKSQL
enters the statements.
Explanation. After this GRANT
statement has been processed, JAMIE
may use any SELECT
statement to query the PLAYERS
table, regardless of who has created the table.
Multiple table privileges can be granted to multiple users simultaneously.
Example 23.5. Give JAMIE
and PETE
the INSERT
and UPDATE
privilege for all columns of the TEAMS
table.
GRANT INSERT, UPDATE ON TEAMS TO JAMIE, PIET
A certain table privilege does not automatically lead to another. If we grant an INSERT
privilege to a user, he or she does not automatically receive the SELECT
privilege; it has to be granted separately.
A privilege can be granted to one user, to a number of users, or to PUBLIC
(MySQL does not support this feature). If a privilege is granted to PUBLIC
, each user who has been introduced gets that privilege. This also applies to all users introduced after the granting of the privilege, so after a user is entered into the system, he or she automatically receives all the privileges granted to PUBLIC
.
Example 23.6. Give all users the SELECT
and INSERT
privileges on the PENALTIES
table.
GRANT SELECT, INSERT ON PENALTIES TO PUBLIC
With several privileges, including UPDATE
and REFERENCES
, you can indicate the columns to which the privilege applies. In that case, we call it column privileges. When you do not specify a column, as in the previous examples, it means that the privilege applies to all columns of the table.
Example 23.7. Give PETE
the UPDATE
privilege for the columns PLAYERNO
and DIVISION
of the TEAMS
table.
GRANT UPDATE (PLAYERNO, DIVISION) ON TEAMS TO PETE
Table privileges are effective for a certain table. SQL also supports privileges for an entire database, such as the privilege to create tables or views in a certain database.
SQL supports the following database privileges:
SELECT
—. This privilege gives the user the right to access all tables of the specified database with the SELECT
statement.
INSERT
—. This privilege gives the user the right to add rows to all tables of the specified database with the INSERT
statement.
DELETE
—. This privilege gives the user the right to remove rows from all tables of the specified database with the DELETE
statement.
UPDATE
—. This privilege gives the user the right to update values in all tables of the specified database with the UPDATE
statement.
REFERENCES
—. This privilege gives the user the right to create foreign keys that point to tables of the specified database.
CREATE
—. This privilege gives the user the right to create new tables in the specified database with the CREATE TABLE
statement.
ALTER
—. This privilege gives the user the right to alter all tables of the specified database with the ALTER TABLE
statement.
DROP
—. This privilege gives the user the right to remove all tables of the specified database.
INDEX
—. This privilege gives the user the right to define and remove indexes on all tables of the specified database.
CREATE TEMPORARY TABLES
—. This privilege gives the user the right to create temporary tables in the specified database.
CREATE VIEW
—. This privilege gives the user the right to create new views in the specified database with the CREATE VIEW
statement.
CREATE ROUTINE
—. This privilege gives the user the right to create new stored procedures and functions for the specified database; see Chapters 30, “Stored Procedures” and 31, “Stored Functions.”
ALTER ROUTINE
—. This privilege gives the user the right to update and remove existing stored procedures and functions of the specified database.
EXECUTE ROUTINE
—. This privilege gives the user the right to invoke existing stored procedures and functions of the specified database.
LOCK TABLES
—. This privilege gives the user the right to block existing tables of the specified database; see Section 27.10, in Chapter 27, “Transactions and Multiuser Usage.”
ALL
or ALL PRIVILEGES
—. This privilege is a shortened form for all the privileges just named.
The definition of this GRANT
statement resembles the one for granting table privileges. However, there are two important differences. First, the list with privileges is longer and the ON
clause looks different.
<grant statement> ::= <grant database privilege statement> <grant database privilege statement> ::= GRANT <database privileges> ON [ <database name> . ] * TO <grantees> [ WITH GRANT OPTION ] <database privileges> ::= ALL [ PRIVILEGES ] | <database privilege> [ { , <database privilege> }... ] <database privilege> ::= SELECT | INSERT | DELETE | UPDATE | REFERENCES | CREATE | ALTER | DROP | INDEX | CREATE TEMPORARY TABLES | CREATE VIEW | CREATE ROUTINE | ALTER ROUTINE | EXECUTE ROUTINE | LOCK TABLES |
Example 23.8. Give PETE
the SELECT
privilege for all tables in the TENNIS
database.
GRANT SELECT ON TENNIS.* TO PETE
Explanation: So, this privilege is effective for all existing tables and also the tables that will be added to the TENNIS
database later.
Example 23.9. Give JIM
the privilege to create, update, and remove new tables and views in the TENNIS
database.
GRANT CREATE, ALTER, DROP, CREATE VIEW ON TENNIS.* TO JIM
Note that one database privilege does not imply the other here as well. JIM
is allowed to create new tables and views now, but he may not access them yet. For that, he needs to be granted a separate SELECT
privilege or more privileges.
Example 23.10. Give PETE
the SELECT
privilege to query all catalog tables in the INFORMATION_SCHEMA
database.
GRANT SELECT ON INFORMATION_SCHEMA.* TO PETE
Example 23.11. Give ALYSSA
the SELECT
and INSERT
privileges for all tables in the current database.
GRANT SELECT, INSERT ON * TO ALYSSA
Explanation: The asterisk represents the current database here.
The most effective privileges are the user privileges. For all statements for which database privileges need to be granted, user privileges can be defined as well. For example, by granting someone the privilege CREATE
on the user level, this user can create tables in all databases (instead of in one specific database). In addition, SQL supports the following additional user privileges:
CREATE USER
—. This privilege gives a user the right to create and remove new users.
<grant statement> ::= <grant user privilege statement> <grant user privilege statement> ::= GRANT <user privileges> ON *.* TO <grantees> [ WITH GRANT OPTION ] <user privileges> ::= ALL [ PRIVILEGES ] | <user privilege> [ { , <user privilege> }... ] <user privilege> ::= SELECT | INSERT | DELETE | UPDATE | REFERENCES | CREATE | ALTER | DROP | INDEX | CREATE TEMPORARY TABLES | CREATE VIEW | CREATE ROUTINE | ALTER ROUTINE | EXECUTE ROUTINE | LOCK TABLES | CREATE USER |
Example 23.12. Give MAX
the CREATE
, ALTER
, and DROP
privileges for all tables of all databases.
GRANT CREATE, ALTER, DROP ON *.* TO MAX
Explanation: So, these privileges apply to all existing databases and also to all future databases.
Example 23.13. Give ALYSSA
the privilege to create new users.
GRANT CREATE USER ON *.* TO ALYSSA
The user called root gets the following privilege during the installation of MySQL:
GRANT ALL PRIVILEGES ON *.* TO ROOT
By way of conclusion, Table 23.1 lists the levels at which privileges for certain SQL statements can be granted.
Table 23.1. Overview of Privileges
Statement | User Privilege | Database Privilege | Table Privilege | Column Privilege |
---|---|---|---|---|
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | No |
| Yes | Yes | Yes | Yes |
| Yes | Yes | No | No |
| Yes | Yes | No | No |
| Yes | Yes | No | No |
| Yes | Yes | No | No |
| Yes | Yes | No | No |
| Yes | Yes | No | No |
| Yes | No | No | No |
A GRANT
statement can be concluded with the WITH GRANT OPTION
. This means that all users specified in the TO
clause can themselves pass on the privilege (or part of the privilege) to other users. In other words, if a user is given a table privilege via the WITH GRANT OPTION
, he or she can grant that privilege on the table without being the owner of it.
Example 23.14. Give JIM
the REFERENCES
privilege on the TEAMS
table and allow him to pass it on to other users:
GRANT REFERENCES ON TEAMS TO JOHN WITH GRANT OPTION
Because of the WITH GRANT OPTION
clause, JIM can pass on this privilege to PETE
, for example:
GRANT REFERENCES ON TEAMS TO PETE
JIM
can himself extend the statement with WITH GRANT OPTION
so that PETE
, in turn, can pass on the privilege.
Granting privileges to individual users is acceptable if there are not that many. But imagine that the database consists of 300 tables and has 500 users. If everyone is to be given privileges, at least 500 GRANT
statements are required. However, it is likely that many more statements are necessary, and this is very difficult to manage. That is why the concept of role has been added to SQL.
A role is a defined set of privileges (the same privileges we have already described) that is granted to users. If the privileges of one role are altered (a table privilege is added, for example), the privileges of all users belonging to that role are changed automatically. It is easier to manage the privileges this way. A user may have several roles.
With the CREATE ROLE
statement, new roles can be created.
<create role statement> ::= CREATE ROLE <role name> |
To assign privileges to roles, the definition of the concept grantees has been extended so that all kinds of privileges can be assigned to roles.
<grantees> ::= PUBLIC | <user name> [ { , <user name> }... ] | <role name> [ { , <role name> }... ] |
A special version of the GRANT
statement has also been created to assign roles to users.
<grant statement> ::= <grant role statement> <grant role statement> ::= GRANT <role name> [ { , <role name> }... ] TO <grantees> |
Example 23.15. Create the role SALES
and give this role the SELECT
and INSERT
privileges on the PENALTIES
table. Next, grant the SALES
role to users ILENE
, KELLY
, JIM
, and MARC
.
CREATE ROLE SALES GRANT SELECT, INSERT ON PENALTIES TO SALES GRANT SALES TO ILENE, KELLY, JIM, MARC
Explanation: The first statement creates the new role. With the GRANT
statement, table privileges are granted. The structure of this statement is the same as the one used for granting privileges to users. Next, with a special version of the GRANT
statement, we give the role to the four users. It is now possible to extend the privileges of the SALES
role with one statement instead of using an entire set of GRANT
statements.
Roles can be removed with the DROP ROLE
statement. And, of course, all privileges belonging to that role also are removed; in turn, the users lose their privileges.
Several catalog tables are used to record users, roles, and privileges:
Users are recorded in the USERS
table.
Roles are stored in the ROLES
table.
The USER_ROLES
table is used to record which user has which role.
The COLUMN_AUTHS
table contains information about the privileges granted on specific columns.
The TABLE_AUTHS
table contains information about privileges on specific tables.
Contrary to many other SQL products, SQL does not remember who granted a privilege. When SQL has approved and processed a granted privilege, it does not record who granted the privilege. In the various catalog views, the column GRANTOR
(the grantor of the privilege) has been included but has the value UNKNOWN
everywhere. The GRANTEE
(the person who receives the privilege), however, has been filled everywhere.
The USERS
table contains only one column, the name of the user. This column also forms the primary key of this table.
Table 23.2. Columns of the USERS
Catalog Table
Column Name | Data Type | Description |
---|---|---|
|
| Name of the user. |
The ROLES
table also consists of only one column, the name of the role.
Table 23.3. Columns of the ROLES
Catalog Table
Column Name | Data Type | Description |
---|---|---|
|
| Name of the role. |
The USER_ROLES
table has the following structure. (The columns USER_NAME
and ROLE_NAME
form the primary key of this table.)
Table 23.4. Columns of the USER_ROLES
Catalog Table
Column Name | Data Type | Description |
---|---|---|
|
| Name of the user. |
|
| Name of the role. |
The column privileges are recorded in a separate catalog table, the COLUMN_AUTHS
table. The primary key of this table is formed by the columns GRANTOR
, TABLE_NAME
, GRANTEE
, and COLUMN_NAME
. The table has the following structure:
Table 23.5. Columns of the COLUMN_AUTHS
Catalog Table
Data Type | Description | |
---|---|---|
|
| User who granted the privilege. |
|
| User who received the privilege. |
|
| Name of the owner of the table on which the privilege is granted. (In MySQL, this is the name of the database to which the table belongs.) |
|
| Table or view on which the privilege is granted. |
|
| Column name on which the |
|
| Indication of what kind of privilege it is. |
|
| If this column is filled with the value |
The TABLE_AUTHS
table has the following structure. The primary key of this table is formed by the columns GRANTOR
, GRANTEE
, TABLE_CREATOR
, TABLE_NAME
, and PRIVILEGE
. You can see that the column privileges are not recorded in this table.
Table 23.6. Columns of the TABLE_AUTHS
Catalog Table
Column Name | Data Type | Description |
---|---|---|
|
| User who granted the privilege. |
|
| User who received the privilege. |
|
| Name of the owner of the table on which the privilege is granted. (In MySQL, this is the name of the database to which the table belongs.) |
|
| Table or view on which the privilege is granted. |
|
| Indication of what kind of privilege it is. |
|
| If this column is filled with the value |
The DATABASE_AUTHS
table has the following structure. The primary key of this table is formed by the columns GRANTOR
, GRANTEE
, DATABASE_NAME
, and PRIVILEGE
.
Table 23.7. Columns of the DATABASE_AUTHS
Catalog Table
Data Type | Description | |
---|---|---|
|
| User who granted the privilege. |
|
| User who received the privilege. |
|
| Database on which the privilege is granted. |
|
| Indication of what kind of privilege it is. |
|
| If this column is filled with the value |
The USER_AUTHS
table has the following structure. The primary key of this table is formed by the columns GRANTOR
, GRANTEE
, and PRIVILEGE
.
Table 23.8. Columns of the USER_AUTHS
Catalog Table
Column Name | Data Type | Description |
---|---|---|
|
| User who granted the privilege. |
|
| User who received the privilege. |
|
| Indication of what kind of privilege it is; if this column is filled with the value |
|
| If this column is filled with the value |
Example 23.17. Which users are allowed to query the PLAYERS
table in the TENNIS
database?
SELECT GRANTEE FROM USER_AUTHS WHERE PRIVILEGE = 'SELECT' UNION SELECT GRANTEE FROM DATABASE_AUTHS WHERE DATABASENAME = 'TENNIS' AND PRIVILEGE = 'SELECT' UNION SELECT GRANTEE FROM TABLE_AUTHS WHERE TABLE_CREATOR = 'TENNIS' AND PRIVILEGE = 'SELECT'
Explanation. This example requires a search in three tables because SELECT
privileges can be defined on three levels.
The REVOKE
statement withdraws privileges from a user without deleting that user from the USERS
table. This statement has the opposite effect of the GRANT
statement.
<revoke statement> ::= <revoke table privilege statement> | <revoke database privilege statement> | <revoke user privilege statement> | <revoke role statement> <revoke table privilege statement> ::= REVOKE <table privileges> ON <table specification> FROM <grantees> <table privileges> ::= ALL [ PRIVILEGES ] | <table privilege> [ { , <table privilege> }... ] <table privilege> ::= SELECT | INSERT | DELETE | UPDATE [ <column list> ] | REFERENCES [ <column list> ] | ALTER | INDEX <revoke database privilege statement> ::= REVOKE <database privileges> ON [ <database name> . ] * FROM <user name> [ { , <user name> }... ] <database privileges> ::= ALL [ PRIVILEGES ] | <database privilege> [ { , <database privilege> }... ] <database privilege> ::= SELECT | INSERT | DELETE | UPDATE | REFERENCES | CREATE | ALTER | DROP | INDEX | CREATE TEMPORARY TABLES | CREATE VIEW | CREATE ROUTINE | ALTER ROUTINE | EXECUTE ROUTINE | LOCK TABLES <revoke user privilege statement> ::= REVOKE <user privileges> ON *.* FROM <user name> [ { , <user name> }... ] <user privileges> ::= ALL [ PRIVILEGES ] | <user privilege> [ { , <user privilege> }... ] <user privilege> ::= SELECT | INSERT | DELETE | UPDATE | REFERENCES | CREATE | ALTER | DROP | INDEX | CREATE TEMPORARY TABLES | CREATE VIEW | CREATE ROUTINE | ALTER ROUTINE | EXECUTE ROUTINE | LOCK TABLES | CREATE USER <column list> ::= ( <column name> [ { , <column name> }... ] <revoke role statement> ::= REVOKE <role name> [ { , <role name> }... ] FROM <grantees> <grantees> ::= PUBLIC | <user name> [ { , <user name> }... ] |
Example 23.18. The SELECT
privilege of JIM
on the PLAYERS
table is to be withdrawn. (We assume that the situation is as it was at the end of Section 23.8.)
REVOKE SELECT ON PLAYERS FROM JIM
The relevant privilege is now deleted from the catalog.
Example 23.19. Withdraw the REFERENCES
privilege on the TEAMS
table from JIM
.
REVOKE REFERENCES ON TEAMS FROM JIM
This privilege is withdrawn, together with all the privileges that are directly or indirectly dependent on it. In the example, PETE
also loses his REFERENCES
privilege on the TEAMS
table.
With the REVOKE
statement, a role of a user can also be deleted and privileges of roles can be withdrawn. Examples of both features follow.
Example 23.21. Withdraw the SELECT
privilege on the PENALTIES
table of the role called SALES
.
REVOKE SELECT ON PENALTIES FROM SALES
It could be that a user has been granted overlapping privileges. He received, for example, the table privilege UPDATE
on the PLAYERS
table and also the user privilege UPDATE
for all tables in all databases. If one of the two is withdrawn, the other privilege remains.
A GRANT
statement can refer not only to tables, but also to views. (See the definition of the GRANT
statement in Section 23.3.) Let’s look at this more closely.
Because privileges can also be granted for views, you can provide users with access to only a part of a table or only to information derived or summarized from tables. The following are examples of both features.
Example 23.22. Give DIANE
the privilege to read only the names and addresses of noncompetitive players.
First, DIANE
must be entered with a CREATE USER
statement.
CREATE USER DIANE IDENTIFIED BY 'SECRET'
Second, a view is created specifying which data she may see:
CREATE VIEW NAME_ADDRESS AS SELECT NAME, INITIALS, STREET, HOUSENO, TOWN FROM PLAYERS WHERE LEAGUENO IS NULL
The last step is to grant DIANE
the SELECT
privilege on the NAME_ADDRESS
view:
GRANT SELECT ON NAME_ADDRESS TO DIANE
With this statement, DIANE
has access to only that part of the PLAYERS
table defined in the view formula of NAME_ADDRESS
.
Example 23.23. Make sure that user GERARD
can look at only the number of players in each town.
First, we introduce GERARD
.
CREATE USER GERARD IDENTIFIED BY 'XYZ1234'
The view that we use looks like this:
CREATE VIEW RESIDENTS (TOWN, NUMBER_OF) AS SELECT TOWN, COUNT(*) FROM PLAYERS GROUP BY TOWN
Now we give GERARD
the privilege for the previous view:
GRANT SELECT ON RESIDENTS TO GERARD
All types of table privilege can be granted on views.
GRANT SELECT, INSERT ON PLAYERS TO RONALDO | |
GRANT ALL ON COMMITTEE_MEMBERS TO PUBLIC | |
GRANT UPDATE(STREET, HOUSENO, POSTCODE, TOWN) ON PLAYERS TO RONALDO |
CREATE USER JOE IDENTIFIED BY 'JAZZ' CREATE USER JACO IDENTIFIED BY 'JAZZ' CREATE USER CHRIS IDENTIFIED BY 'JAZZ' CREATE ROLE ADMIN GRANT ALL ON COMMITTEE_MEMBERS TO ADMIN |
13.59.177.14