Author Dmitry Yemanov
18.07.2013 6:02, Alexandre Benson Smith wrote:
> Can someone give some info about the role of each table ? As far as I
> can see RDB$USER_PRIVILEGES has all the information needed and
> RDB$SECURITY_CLASS dos not have all the information (misses GRANT
> OPTION) but have some info for SYSDBA that I don't know the meaning...

RDB$USER_PRIVILEGES is kinda public interface for RDB$SECURITY_CLASSES,
the latter is mostly a lower level representation of the former.
RDB$SECURITY_CLASSES defines ACLs actually used by the engine to
validate permissions. It includes not only SQL permissions but also some
special ones like "control", "protect" and "delete" that are assigned to
the object owner. RDB$USER_PROCEDURES is used only when we need to grant
something or show/export the grants, as it lists only grantable
permissions and includes the grant option.