Authorization in SQL is currently at the level of tables or columns. Many applications need a finer level of control. The authors propose a model for fine-grained authorization based on adding predicates to authorization grants. Their model supports predicated authorization to specific columns, cell-level authorization with nullification, authorization for function/procedure execution, and grants with grant option. Their model also incorporates other novel features, such as query defined user groups, and authorization groups, which are designed to simplify administration of authorizations. Their model is designed to be a strict generalization of the current SQL authorization mechanism.