Alter Configuration Object ACE statement

Modifies an ACE (Access Control Entry) for a configuration object's ACL (Access Control List).

ALTER ACE FORconf_object_type "object_name" (USER "user_name" | GROUP "group_name") ACCESSRIGHTS 
 (VIEW | MODIFY | FULLCONTROL | DENIEDALL | DEFAULT | CUSTOM [GRANTgrant_accessright1 [, 
 ... grant_accessrightN]] 
 [DENY deny_accessright1 [, 
 ... deny_accessrightN]]) 
 DEFAULT default_accessright1 [, 
 ... default_accessrightN]]);

where:

• conf_object_type is the type of configuration object for which an ACE is to be altered, from the following list: DBINSTANCE, DBCONNECTION, DBLOGIN, SCHEDULE, USER, EVENT.

  • "object_name" is the name of the configuration object, of type string.

• USER "user_name" is the login name of the user to be assigned to the new ACE, of type string.

• GROUP "group_name" is the login name of the group to be assigned to the new ACE, of type string.

• ACCESSRIGHTS indicates what access rights to grant or deny:

• VIEW grants View rights: BROWSE, READ, USE, EXECUTE.

• MODIFY grants Modify rights: BROWSE, READ,WRITE, DELETE, USE, EXECUTE.

• FULLCONTROL grants all rights.

• DENIEDALL explicitly denies all rights.

• DEFAULT neither grants nor denies rights; all rights are inherited from groups.

• CUSTOM allows you to specify which rights are granted and denied:

• GRANT grant_accessright1..N is the access right (or list of access rights) to be granted to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.

• DENY deny_accessright1..N is the access right (or list of access rights) to be denied to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.

• DEFAULT default_accessright1..N is the access right (or list of access rights) in the ACE to be inherited, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.

Example

ALTER ACE FOR SCHEDULE "All the time" USER 
 "Developer" ACCESSRIGHTS CUSTOM GRANT CONTROL;