Example of personnel security

This example shows how to define permissions for a sample multi-tenant database. Suppose the user IDs are joesmith@acme, jenjones@acme, joesmith@gentac, and tracyblack@gentac.

Suppose you want all users to have Can-Read permission for a table, but only certain users to have Can-Write, Can-Create, and Can-Delete permission. In the following example, all users have Can-Read permission; Joe Smith at Acme and Tracy Black at Gentac have Can-Write permission; all users at Acme and at Gentac have Can-Create permission; and both Joe Smiths, one at Acme and the other at Gentac, have Can-Delete permission:

Can-Read:    *
Can-Write:   joesmith@acme,tracyblack@gentac
Can-Create:  *@acme,*@gentac
Can-Delete:  joesmith@*

In the next example, the blank user ID does not have Can-Read permission, whereas all other users have the permission. All users, except Joe Smith at Acme and Joe Smith at Gentac, have Can-Write permission:

Can-Read:   !,*
Can-Write:  !joesmith@acme,!joesmith@gentac,*
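
The following is an added example, not part of the original documentation or the product's own code. It is a small Python evaluator for reviewing permission lists like the ones above before they are applied. The function names are hypothetical, and it assumes entries are checked left to right, the first matching entry decides, an ID that matches no entry is denied, and matching is case-sensitive.

```python
import re

def _matches(pattern: str, user_id: str) -> bool:
    # '*' is the only wildcard; every other character is literal.
    # An empty pattern (a bare '!' entry) matches only the blank user ID.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, user_id) is not None

def can_do(id_list: str, user_id: str) -> bool:
    """True if user_id is granted by the comma-separated id_list.

    Assumed semantics: left to right, first matching entry wins,
    a leading '!' denies, no match at all means denied.
    """
    for entry in id_list.split(","):
        entry = entry.strip()
        deny = entry.startswith("!")
        pattern = entry[1:] if deny else entry
        if _matches(pattern, user_id):
            return not deny
    return False

def effective_permissions(table_perms: dict, user_id: str) -> set:
    """Names of the permissions whose ID list grants user_id."""
    return {name for name, ids in table_perms.items() if can_do(ids, user_id)}

# The two permission sets from the examples above.
FIRST = {
    "Can-Read": "*",
    "Can-Write": "joesmith@acme,tracyblack@gentac",
    "Can-Create": "*@acme,*@gentac",
    "Can-Delete": "joesmith@*",
}
SECOND = {
    "Can-Read": "!,*",
    "Can-Write": "!joesmith@acme,!joesmith@gentac,*",
}

if __name__ == "__main__":
    # The four user IDs from the text, plus the blank ID and a
    # constructed ID from a tenant that appears in no list.
    for uid in ["joesmith@acme", "jenjones@acme", "joesmith@gentac",
                "tracyblack@gentac", "", "alice@other"]:
        print(repr(uid), sorted(effective_permissions(FIRST, uid)),
              sorted(effective_permissions(SECOND, uid)))
    # Under the first-match assumption, order matters: a deny entry
    # placed after '*' is never reached.
    print(can_do("*,!joesmith@acme", "joesmith@acme"))
```

Under these assumptions, joesmith@* in Can-Delete also matches a joesmith ID in any other tenant that is added later, and a deny entry only takes effect when it appears before the broader entry it is meant to override.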