GRANT

Description

The GRANT command is used to grant specified privilege to the specified user or role.

Grant privilege for databases and tables:

GRANT privilege_list
ON db_name[.tbl_name]
TO user_identity [ROLE role_name]

Grant resource privilege:

GRANT privilege_list
ON RESOURCE resource_name
TO user_identity [ROLE role_name]

• privilege_list

  List of privileges to be granted, separated by comma.

  Currently PALO supports the following privileges:

  • ADMIN_PRIV：All privileges except node management.
  • GRANT_PRIV：Privilege to grant privileges, including creating and dropping users and roles, granting and revoking privileges, setting passwords, etc.
  • SELECT_PRIV：Privilege to read specified library or table
  • LOAD_PRIV：Privilege to load specified library or table
  • ALTER_PRIV：Privilege to change the schema of specified library or table
  • CREATE_PRIV：Privilege to create specified library or table
  • DROP_PRIV：Privilege to drop specified library or table
  • USAGE_PRIV：Privilege to use specified resource

  In addition, there are two syntax sugar privileges that can be used for quick granting:

  • ALL

    Similar to read and write privileges, which is equivalent to granting:

    SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV

    these privileges.

  • READ_ONLY

    Similar to read-only privilege, which is equivalent to SELECT_PRIV。

  Classification of privileges:

  1. Library and table privileges: SELECT_PRIV，LOAD_PRIV，ALTER_PRIV，CREATE_PRIV，DROP_PRIV
  2. Resource privilege: USAGE_PRIV

• db_name[.tbl_name] supports the following three forms:

  1. *.*：Privileges can be applied to all libraries and all tables in library.
  2. db.*：Privileges can be applied to all tables under specified library.
  3. db.tbl：Privileges can be applied to specified table under specified library.

  The specified library or table here can be a nonexistent library or table.

• resource_name supports the following two forms:

  1. *：Privileges are applied to all resources.
  2. resource：Privileges are applied to a specified resource.

  The specified resource here can be a nonexistent resource.

• user_identity

  The user_identity syntax here is the same as the syntax in CREATE USER and must be the user_identity created by using CREATE USER. The host inuser_identity can be a domain name. If it is a domain name, the effective time of privilege may be delayed for about 1min.

  The privilege can also be granted to specified ROLE, if the specified ROLE does not exist, then it will be automatically created.

Example

1. Grant privileges on all libraries and tables to users

   GRANT SELECT_PRIV ON *.* TO 'jack'@'%';

2. Grant privileges on specified libraries and tables to users

   GRANT SELECT_PRIV,ALTER_PRIV,LOAD_PRIV ON db1.tbl1 TO 'jack'@'192.8.%';

3. Grant privileges on specified libraries and tables to users

   GRANT LOAD_PRIV ON db1.* TO ROLE 'my_role';

4. Grant privileges on all resources to users

   GRANT USAGE_PRIV ON RESOURCE * TO 'jack'@'%';

5. Grant privileges on specified resources to users

   GRANT USAGE_PRIV ON RESOURCE 'odbc_resource' TO 'jack'@'%';

6. Grants privileges on use of specified resources to roles

   GRANT USAGE_PRIV ON RESOURCE 'odbc_resource' TO ROLE 'my_role';

Keywords

GRANT