GRANT
GRANT grants one or more privileges on specific objects to a user or a role.
Grants roles to users or other roles.
For more information about the privileges that can be granted, see Privilege items.
After a GRANT operation is performed, you can run SHOW GRANTS to view detailed privilege information or run REVOKE to revoke a privilege or role.
Before a GRANT operation is performed, make sure that the related user or role has been created. For more information, see CREATE USER and CREATE ROLE.
tip
- Only users with the
user_admin
role can grant any privilege to other users and roles. - After a role is granted to a user, you must run SET ROLE to activate this role before you perform operations as this role. If you want all default roles to be activated upon login, run ALTER USER or SET DEFAULT ROLE. If you want all privileges in the system to be activated for all users upon login, set the global variable
SET GLOBAL activate_all_roles_on_login = TRUE;
. - Common users can only grant privileges that have the
WITH GRANT OPTION
keyword to other users and roles.
Syntax
Grant privileges to roles or users
System
GRANT
{ CREATE RESOURCE GROUP | CREATE RESOURCE | CREATE EXTERNAL CATALOG | REPOSITORY | BLACKLIST | FILE | OPERATE | CREATE STORAGE VOLUME }
ON SYSTEM
TO { ROLE | USER} {<role_name>|<user_identity>} [ WITH GRANT OPTION ]
Resource group
GRANT
{ ALTER | DROP | ALL [PRIVILEGES] }
ON { RESOURCE GROUP <resource_group_name> [, <resource_group_name >,...] | ALL RESOURCE GROUPS}
TO { ROLE | USER} {<role_name>|<user_identity>} [ WITH GRANT OPTION ]