Column Rights

Every right except the Delete right may be assigned at both table and column level. If you grant a user group rights on a particular table, the rights you grant them on a particular column MUST be more restrictive. An analogy to describe the difference between table and column rights is that table rights provide access to a certain filing cabinet, with the right to open its drawers, whereas column rights selectively close some of those drawers again.

For example, you can give a user group the right to select or update only ONE specific column of a table. You can do this by switching all rights ON at the table level (Scope = Foreground And Background), and then switching the appropriate right(s) OFF at the column level (Scope at the column level = None).

Column rights have the following characteristics:

·	If, for a column, a record exists with the right All, no other rights can be defined for that column.

·	A column right cannot be of the Delete type.

·	It is not allowed to define an INSERT privilege with scope NONE for a mandatory column.

·	A column right of the Select type cannot have a condition.