Example 1

    The following example grants access rights to a single user:

    RDO>  DEFINE PROTECTION FOR DATABASE
    cont> POSITION 3
    cont> IDENTIFIER [CLERKS,DAVIES]
    cont> ACCESS "READ+WRITE+MODIFY+ERASE".

    This statement performs the following actions:

    o  Specifies the location of the entry within the access
       control list. The new entry is in the third position and all
       subsequent entries are moved to the next higher position.

    o  Uses an identifier to designate the user who is granted access
       rights.

    o  Grants the specified access rights. Oracle Rdb denies all other
       rights.

    Example 2

    The following example grants access rights to a group of users:

    RDO>  DEFINE PROTECTION FOR RELATION SALARY_HISTORY
    cont>      AFTER [ANALYSTS,JOHNSON]
    cont>      IDENTIFIER [ANALYSTS,*]
    cont>      ACCESS
    cont>      "READ+WRITE+MODIFY+ERASE -
    cont>      +DEFINE+CHANGE+DELETE".

    This statement performs the following actions:

    o  Names the relation SALARY_HISTORY. The new ACL entry will be
       applied to this relation.

    o  Uses the AFTER clause to specify the location of the entry
       within the ACL. In this case, the new ACL entry appears after
       the entry for user identifier [ANALYSTS,JOHNSON].

    o  Identifies the set of users ([ANALYSTS,*]) who are granted the
       listed access rights. In this case, the new identifier has the
       same group identifier as the identifier that precedes it in
       the list. This means that for user JOHNSON in group ANALYSTS,
       Oracle Rdb will grant the privileges listed in the earlier
       entry. All other users in group ANALYSTS will fall through
       to the entry identified by [ANALYSTS,*]. Oracle Rdb grants these
       other members of group PROGRAMMERS the rights listed in this
       statement. In this way, the system gives general rights to
       a group and more specific rights to a single member of the
       group.

    Example 3

    The following example grants access rights on the specific field
    to a group of users:

    RDO>  DEFINE PROTECTION FOR FIELD SALARY_AMOUNT IN SALARY_HISTORY
    cont>      AFTER [MANAGERS,SMITH]
    cont>      IDENTIFIER [MANAGERS,*]
    cont>      ACCESS MODIFY.

    The following examples show how to specify the identifiers in a
    DEFINE PROTECTION statement.

    Example 4

    In this example, all users with the UIC matching [25,*] and
    running a batch job are granted the access rights listed.

    RDO>  DEFINE PROTECTION FOR DATABASE
    cont> POSITION 4
    cont> IDENTIFIER [25,*]+BATCH
    cont> ACCESS READ+DEFINE+CHANGE+DELETE.

    2 Example 5

    All users associated with the general identifier DATAENTRY and
    using RDO interactively are granted update access rights.

    RDO>  DEFINE PROTECTION FOR DATABASE
    cont> POSITION 5
    cont> IDENTIFIER DATAENTRY+INTERACTIVE
    cont> ACCESS READ+WRITE+MODIFY+STORE.

    Example 6

    User JONES gets the specified access rights.

    RDO> DEFINE PROTECTION FOR DATABASE
    cont> POSITION 6
    cont> IDENTIFIER [RDB,JONES]
    cont> ACCESS READ+WRITE+MODIFY+ERASE.