Options for Granting or Revoking Access Rights
The Authorizer offers four options to grant or revoke access rights:
This option updates all rights for a specified application. That is, the rights of all user groups that have access to that application.
This option updates all rights that a specified user group has for a specified application.
This option updates all rights that a certain user has for a given application.
This option revokes all rights for a given application, for one or all users.
When updating application rights, only users of accounts with type RDBMS or Funnel are included in the GRANT statements. Funneling accounts are NOT included.
Removing a user from a user group without assigning them to another user group, and then updating the application/user group rights, is not sufficient to revoke the right of the user as defined in the database server. You must explicitly generate and execute "hand over the (RDBMS) key" statements to revoke the rights in the database server, otherwise it would still be possible to bypass the Authorizer using RDBMS vendor middleware.
You should use the Revoke All Table Rights option to revoke a user's rights in the database server.
When application rights or user group rights are updated, the rights of the application OWNER are not updated. The only way to update the rights of the application owner, is by updating the owner's individual update rights.