In SQL, access protection is based on the assignment of privileges. An authorized user (known as the “grantor”) authorizes another user (known as the “grantee”) to carry out a certain action on a specific object by granting that user the relevant privileges.

SESAM/SQL distinguishes between special privileges, table privileges and privileges for routines. In the case of special privileges, the object is the database or, if the privilege is USAGE ON STOGROUP, the object is a storage group. In the case of table privileges, the object is a specific table within a specific schema. In the case of privileges for routines, the object is a procedure or a User Defined Function (UDF) within a schema.

A privilege is therefore identified in terms of the grantor, grantee, action and object. Consequently, two otherwise identical privileges that differ only in that they are assigned to the grantee by two different grantors are regarded as different privileges.