PRIVILEGES and EFFECTIVE_PRIVILEGES Views

Displays the privileges, including inheritance, for users and groups on schemas, catalogs and data services. Both views show all direct (explicit) and inherited privileges based on the privileges of the user and group, or its group membership.
The PRIVILEGES result set contains rows for users and groups that have any privilege directly set. If a user or group does not have any direct privilege, it will not be shown in this view. It is a condensed view of the EFFECTIVE_PRIVILEGES view.
The EFFECTIVE_PRIVILEGES result set contains rows for all users and groups that have any privilege directly set or a privilege can be derived from its group membership. For example, if a user does not have any privileges set on any of the Federation Server objects, the user will still be in the result set if the user is a member of a group that has a direct privilege set.
By default, if a privilege is not explicitly listed in the result sets, it is denied.
Note: Both of these views can return very large result sets depending on the configuration of SAS Federation Server. Subsetting on DATA_SERVICE, CATALOG_NAME, and/or SCHEMA_NAME can reduce the size of the result set.
The table below lists the columns that are associated with the PRIVILEGES and EFFECTIVE_PRIVILEGES view:
Name
Type
Description
DATA_SERVICE
VARCHAR(256)
Specifies the name of the data service.
CATALOG_NAME
VARCHAR(256)
Specifies the name of the catalog.
SCHEMA_NAME
VARCHAR(256)
Specifies the name of the schema.
GRANTOR_ID
VARCHAR(256)
Specifies the AuthID of the user that granted or denied the privilege.
GRANTOR
VARCHAR(256)
Specifies the name of the user who is granted or denied the privilege.
GRANTOR_TYPE
CHAR(1)
Specifies the grantor type as U (User) or R (Role).
GRANTEE_ID
VARCHAR(256)
Specifies the AuthID of the user that is granted or denied the privilege.
GRANTEE
VARCHAR(256)
Specifies the name of the user who is granted or denied the privilege.
PRIVILEGE_NAME
VARCHAR(20)
Specifies the privilege name as one of the following values:
SELECT
UPDATE
INSERT
REFERENCES
PRIVILEGE_TYPE
VARCHAR(5)
Specifies the privilege type as GRANT or DENY.
GRANTABLE
CHAR(1)
Specifies if the privilege can be granted. The only valid value is or N (No).
INHERITED
CHAR(1)
Indicates if the privilege is inherited as either Y or N.
SOURCE_OBJECT_LEVEL
INTEGER
Specifies the object level where the privilege is inherited, as one of the following values:
0 — server
1 — data service
2 — catalog
3 — schema
SOURCE_GRANTEE_ID
VARCHAR(256)
Specifies the AuthID of a group or user from which the privilege is derived.
SOURCE_GRANTEE
VARCHAR(256)
Specifies the name of the group or user from which the privilege is derived.
SOURCE_GRANTEE_TYPE
CHAR(1)
Specifies the source_grantee type as U (User) or G (Group).
Copyright © SAS Institute Inc. All rights reserved.