I'd recommend setting up group roles (roles which cannot login) to grant your various permission sets to, and then add users to the appropriate groups, using permission inheritence. Then any grants/revokes you make in the future to the groups automatically apply to the users. You may wish to divide up permissions into several groups for manageability.
On Mon, Jan 7, 2013 at 9:15 PM, 戴松晚 <151359779@xxxxxx> wrote:
1, The two users can access all of the exist relations.
Provided by them having membership of the same group.
2, User2 can access the relations that are created by user1 in the future without any 'grant....'.
3, User1 can access the tables, functions and so on that are created by user2.
Grant will still be required, but only once (to the appropriate group).
